ASP.NET Core is the latest Microsoft framework in town currently on its second major release. It is designed to be secure by default, but is this enough for a security conscious organization? In this talk we examine: - What are the secure defaults, and what are their threat models? - Common options for hardening applications such as HTTPS Enforcement, Data Protection, HSTS, and CSP. - Answer the question: does ASP.NET Core protect against the OWASP Top 10?

I am a software engineer obsessed with best practices in technology and security. Microsoft developer by day and avid learner by night, I scour podcasts, posts, books, and online courses for upcoming industry trends. As a speaker, my goal is to grow the community by sharing my experiences and failures.

Back to Converge 2018 video list