A curated list of awesome .NET Security related resources.
List inspired by the awesome list thing.
Supported by: GuardRails.io
- .NET Core Security Headers - Middleware for adding security headers to an ASP.NET Core application.
- NetEscapades.AspNetCore.SecurityHeaders - Small package to allow adding security headers to ASP.NET Core websites.
- HtmlSanitizer - Cleans HTML to avoid XSS attacks.
- JWT .NET - Jwt.Net, a JWT (JSON Web Token) implementation for .NET.
- NWebsec - Security libraries for ASP.NET.
- AspNetSaml - SAML client library, allows adding SAML single-sign-on to your ASP.NET app.
Static Code Analysis
- Security Code Scan - Vulnerability Patterns Detector for C# and VB.NET.
- Puma Scan - Puma Scan is a .NET software secure code analysis tool providing real-time, continuous source code analysis.
- DevSkim - DevSkim is a set of IDE plugins and rules that provide security "linting" capabilities.
Vulnerabilities and Security Advisories
- RetireNET - CLI extension to check your project for known vulnerabilities.
- OWASP Dependency Check - Detects publicly disclosed vulnerabilities in application dependencies.
- NuGet tool package - NuGet tool package for OWASP Dependency Check.
- Audit.NET - Identify known vulnerabilities in .NET NuGet dependencies.
- Snyk - CLI and build-time tool to find & fix known vulnerabilities in open-source dependencies.
- .NET Security Announcements - Watch this repo to receive security announcements in .NET Core.
- Snyk Vulnerability DB - Commercial but free listing of known vulnerabilities in NuGet libraries.
- Common Vulnerabilities and Exposures - Vulnerabilities in .NET Core that were assigned a CVE.
- National Vulnerability Database - .NET related known vulnerabilities in the National Vulnerability Database.
- WebGoat.NET - OWASP WebGoat.NET
- Damn Vulnerable Thick Client App - DVTA is a Vulnerable Thick Client Application developed in C# .NET.
- ASP.NET Vulnerable Site - Online .NET application that can be used to practice hacking.
Articles, Guides & Talks
- Anti-Request Forgery - Prevent Cross-Site Request Forgery (XSRF/CSRF) attacks.
- Prevent Cross-Site Scripting - Prevent Cross-Site Scripting (XSS).
- Protect Secrets in Development - Safe storage of app secrets in development.
- .NET Security Cheat Sheet - Quick, basic .NET security tips for developers.
- Hardening the security of your ASP.NET core apps - Lessons learned after a third-party penetration test.
- Secure Coding Guidelines - Microsoft's take on secure coding guidelines.
- Security Headers - Adding Default Security Headers in .NET Core.
Found an awesome project, package, article, or another type of resource related to .NET Security? Submit a pull request! Just follow the guidelines. Thank you!