Part 4 Configuration

So far, most of the book has been rather code-centric, showcasing APIs and features of ASP.NET Core to mitigate many attacks. In this part of the book, however, configuration options are in the spotlight.

Chapter 9 introduces many HTTP headers that enable security features in modern browsers. Several of them are considered “quick wins”: the security of a web application can be increased with very little effort. Chapter 10 discusses error handling, including best practices and how to create innocuous error pages that do not provide attackers with interesting bits of information. Chapter 11 then talks about logging in ASP.NET Core and a relatively unnoticed feature, health checks.