Web applications and Web APIs remain the top target of attackers. .NET developers must know how their applications can be exploited in order to secure them effectively. In this fast-paced, demo-driven session, you'll step into the shoes of an ethical hacker to see how real vulnerabilities are found, exploited, and mitigated in ASP.NET Core and modern Web APIs.

We’ll walk through live demonstrations of attacks like SQL injection, cross-site scripting (XSS), CSRF, broken authentication, insecure deserialization, BOLA (Broken Object Level Authorization), and more,showing how simple mistakes can create serious risks. Then you'll learn how to harden your applications using built-in ASP.NET Core capabilities, secure coding patterns, minimal APIs, rate limiting, and modern authentication/authorization practices.

Finally, you’ll see how Microsoft Azure helps protect your applications with services such as API Management, Front Door, WAF, Key Vault, Defender for Cloud, and GitHub Advanced Security.

You'll leave with a practical, developer-focused playbook for protecting your web applications and APIs from today's most dangerous threats.