Building secure applications is a difficult task, especially in combination with building it based on a new application framework. ASP.NET Core is a new open-source and cross-platform framework completely rewritten from scratch. It can run on Windows, Mac and Linux and the framework moved to a more modular based approach which gives more flexibility when creating solutions with it.
How secure is ASP.NET Core by default? Do the API’s help the developer out doing a good job or is a mistake easily made? In this session, we're going to investigate how ASP.NET Core MVC deals with the above questions related to e.g. Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) issues. We’re also going to extend it and adapt new web standards and see how we can validate an existing solution for the problems we’ve identified.