From the course: ASP.NET: Security
Sample application introduction
- [Instructor] For some of the aspects of this course, we will have a demo application, an e-commerce shop if you want. Well, it's rather a very, very simple shop, but it's also very, very insecure, so we build some security issues into that shop, and we'll use that not only to prove that there are issues but also to show you how to fix those issues. You will get the source code for the shop, and the shop will, in the version you will be getting, feature a warning that you should definitely not use this in production. Actually, you must not use this in production or anywhere else; it's just for you to see how security issues can happen and, much more importantly, how we can fix them. This is the website of the famous sports brand H+ Sport, here at hplussport.com. If you've never heard of that brand, well, I'm a bit disappointed. I mean, you should know that brand, because it's just a fake brand that LinkedIn invented for LinkedIn Learning and some of their other assets. Now, this is the actual website online, and this website features a shop. The shop software here is a standard shop software, and I hope it's very secure, but I made my own version of that shop, a very simplified version of that shop, but one that is not as secure as the shop here. So don't worry: if you go to the actual hplussport.com website, you will see a proper shop, but you won't be able to order anything anyway. But the version you'll be seeing now, that is my version, which also doesn't allow any kind of ordering but allows an attacker some other kind of fun. The Visual Studio solution, HPlusSport, consists of two projects, a Web API project and an ASP.NET project. Let's start with the Web API project. That one is really, really simple; we will need it for one very specific security topic later on. It has one controller, and this controller uses advanced mathematics and some other sophisticated means to determine the current temperature.
Well, essentially we are drawing a random number, so we have between 30 and 90 Fahrenheit, and that's, give or take, between zero and 30 degrees Celsius. This solution needs to be made so that it's active; I already did this. But the main solution we will be working with, and the main project in this solution, is the ASP.NET web application, a web application that implements our shop. It uses the common default setup for ASP.NET MVC, so we have a couple of models, we have a few controllers, and we have a couple of views. We also have several static files, because I essentially lifted that shop from the hplussport.com website that LinkedIn Learning set up, so basically the shell, so to speak, is the one from the online website, so it's loading quite a few assets. There also might be some links leading into the actual application, but then I removed most of the stuff that's not interesting to us and implemented a very simple yet very insecure version of the shop, and most of this happens in the shop controller and in the associated views for that shop. So set this up as a starter project and run the application so that we can have a look at what's actually happening in the browser.