Summary

In this chapter, we looked at the common vulnerabilities that we need to be aware of when developing software applications with ASP.NET Core 3. To build a secure solution effectively, it is important to know the angles from which a malicious attack is likely to come.

We looked at XSS attacks, where a malicious user piggybacks on an authentic user's identity with the aim of injecting scripts into HTML. We saw that one of the ways a hacker can gain a user's identity is by stealing cookies, which we can prevent by tagging our cookies with the HttpOnly attribute.

We looked at eavesdropping, message tampering, and message replay using network gadgets, and we also had a look at open redirect/XSR attacks, which redirect a user to external malicious websites. We looked at SQL injection, XSRF/CSRF, JS/JSON hijacking, over-posting, and clickjacking. We also saw how important it is to do proper error reporting.

Having learned about possible attacks and how to prepare for them, we are now in a good position to put our application into production, where it will be exposed to public users. It's a good time to move on to the next chapter, in which we will deploy and host our secured ASP.NET Core 3 application. Stay focused.
