Security audits are an important part of the development lifecycle. One obvious goal is to give the auditor as little attack surface as possible, just as you would give a real attacker little chance to find and exploit any issues. Several security aspects take little time to check, for instance the presence or absence of certain application settings or HTTP headers. It is crucial to configure your Azure-hosted ASP.NET Core web application so that all of these criteria are met. The presenter frequently conducts security audits and will share secrets and experiences from his work. He will reveal a typical security audit checklist and show you how to properly configure your application and/or Azure to meet those requirements.
You will learn:
- How a web application pen test works
- What auditors are looking for
- The security features in ASP.NET Core and how to leverage them