A curated list of awesome .NET Security related resources.
List inspired by the awesome list thing.
Supported by: GuardRails.io
Contents
Tools
Libraries
- .NET Core Security Headers - Middleware for adding security headers to an ASP.NET Core application.
- NetEscapades.AspNetCore.SecurityHeaders - Small package to allow adding security headers to ASP.NET Core websites.
- HtmlSanitizer - Cleans HTML to avoid XSS attacks.
- JWT .NET - Jwt.Net, a JWT (JSON Web Token) implementation for .NET.
- NWebsec - Security libraries for ASP.NET.
- AspNetSaml - SAML client library, allows adding SAML single-sign-on to your ASP.NET app.
- AspNetCoreRateLimit - Package that will let you set rate limits for your .NET Core Api.
Static Code Analysis
- GuardRails - Continuous verification platform that integrates tightly with leading version control systems.
- Security Code Scan - Vulnerability Patterns Detector for C# and VB.NET.
- Puma Scan - Puma Scan is a .NET software secure code analysis tool providing real time, continuous source code analysis.
- DevSkim - DevSkim is a set of IDE plugins and rules that provide security "linting" capabilities.
- SonarQube - SonarC# and SonarVB are static code analyser for C# and VB.NET languages used as an extension for the SonarQube and SonarCloud platforms. It will allow you to produce stable and easily supported code by helping you to find and to correct bugs, vulnerabilities and smells in your code.
Vulnerabilities and Security Advisories
- RetireNET - CLI extension to check your project for known vulnerabilities.
- OWASP Dependency Check - Detects publicly disclosed vulnerabilities in application dependencies.
- NuGet tool package - Nuget tool package for OWASP Dependency Check
- Audit.NET - Identify known vulnerabilities in .net NuGet dependencies.
- Snyk - CLI and build-time tool to find & fix known vulnerabilities in open-source dependencies.
- .NET Security Announcements - Watch this repo to receive security announcements in .NET Core
- Snyk Vulnerability DB - Commercial but free listing of known vulnerabilities in NuGet libraries.
- Common Vulnerabilities and Exposures - Vulnerabilities in .NET Core that were assigned a CVE.
- National Vulnerability Database - .NET related known vulnerabilities in the National Vulnerability Database.
Educational
Hacking Playgrounds
- WebGoat.NET - OWASP WebGoat.NET
- Damn Vulnerable Thick Client App - DVTA is a Vulnerable Thick Client Application developed in C# .NET
- ASP.NET Vulnerable Site - Online .NET application that can be used to practice hacking.
Articles, Guides & Talks
- Anti-Request Forgery - Prevent Cross-Site Request Forgery (XSRF/CSRF) attacks.
- Prevent Cross-Site Scripting - Prevent Cross-Site Scripting (XSS).
- Protect Secrets in Development - Safe storage of app secrets in development
- .NET Security Cheat Sheet - Quick, basic .NET security tips for developers.
- Hardening the security of your ASP.NET core apps - Lessons learned after a third-party penetration test.
- Secure Coding Guidelines - Microsoft's take on secure coding guidelines.
- Security Headers - Adding Default Security Headers in .NET Core.
- The ASP.NET Core security headers guide - Another take on adding security headers in ASP.NET Core.
- Security Best Practices for ASP.NET MVC - Building Secure ASP.NET MVC Web Applications.
Other
Reporting Bugs
Contributing
Found an awesome project, package, article, or another type of resources related to .NET Security? Submit a pull request! Just follow the guidelines. Thank you!
