diff --git a/csharp/ql/test/experimental/CWE-918/options b/csharp/ql/test/experimental/CWE-918/options
index 09b08bf4d270..f81b977ac98d 100644
--- a/csharp/ql/test/experimental/CWE-918/options
+++ b/csharp/ql/test/experimental/CWE-918/options
@@ -1,3 +1,3 @@
 semmle-extractor-options: /nostdlib /noconfig
 semmle-extractor-options: --load-sources-from-project:${testdir}/../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj
-semmle-extractor-options: ${testdir}/../../resources/stubs/System.Web.cs
\ No newline at end of file
+semmle-extractor-options: ${testdir}/../../resources/stubs/System.Web.cs
diff --git a/csharp/ql/test/library-tests/dataflow/flowsources/remote/options b/csharp/ql/test/library-tests/dataflow/flowsources/remote/options
index 9290f65d5b22..63ce15b2b4f4 100644
--- a/csharp/ql/test/library-tests/dataflow/flowsources/remote/options
+++ b/csharp/ql/test/library-tests/dataflow/flowsources/remote/options
@@ -1,3 +1,4 @@
 semmle-extractor-options: /nostdlib /noconfig
-semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj
+semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../resources/stubs/_frameworks/Microsoft.AspNetCore.App/Microsoft.AspNetCore.App.csproj
 semmle-extractor-options: ${testdir}/../../../../resources/stubs/System.Web.cs
+semmle-extractor-options: ${testdir}/../../../../resources/stubs/System.Web.Http.cs
diff --git a/csharp/ql/test/library-tests/dataflow/global/options b/csharp/ql/test/library-tests/dataflow/global/options
index a2859a6265b1..96b0b028bdd2 100644
--- a/csharp/ql/test/library-tests/dataflow/global/options
+++ b/csharp/ql/test/library-tests/dataflow/global/options
@@ -1,3 +1,3 @@
 semmle-extractor-options: /nostdlib /noconfig
-semmle-extractor-options: --load-sources-from-project:${testdir}/../../../resources/stubs/Newtonsoft.Json/13.0.3/Newtonsoft.Json.csproj
-semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Web.cs
\ No newline at end of file
+semmle-extractor-options: --load-sources-from-project:${testdir}/../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj
+semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Web.cs
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-117/options b/csharp/ql/test/query-tests/Security Features/CWE-117/options
index cffffd064100..5dfd0afb374f 100644
--- a/csharp/ql/test/query-tests/Security Features/CWE-117/options	
+++ b/csharp/ql/test/query-tests/Security Features/CWE-117/options	
@@ -1,4 +1,3 @@
 semmle-extractor-options: /nostdlib /noconfig
-semmle-extractor-options: --load-sources-from-project:${testdir}/../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj
 semmle-extractor-options: --load-sources-from-project:../../../resources/stubs/_frameworks/Microsoft.AspNetCore.App/Microsoft.AspNetCore.App.csproj
 semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Web.cs
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-285/MissingAccessControl/WebFormsTests/options b/csharp/ql/test/query-tests/Security Features/CWE-285/MissingAccessControl/WebFormsTests/options
index fb93d69d6b43..9d05f9bf06d4 100644
--- a/csharp/ql/test/query-tests/Security Features/CWE-285/MissingAccessControl/WebFormsTests/options	
+++ b/csharp/ql/test/query-tests/Security Features/CWE-285/MissingAccessControl/WebFormsTests/options	
@@ -1,3 +1,3 @@
 semmle-extractor-options: /nostdlib /noconfig
 semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj
-semmle-extractor-options: ${testdir}/../../../../../resources/stubs/System.Web.cs
\ No newline at end of file
+semmle-extractor-options: ${testdir}/../../../../../resources/stubs/System.Web.cs
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/options b/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/options
index daca5d73f552..7553ab79ad31 100644
--- a/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/options	
+++ b/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/options	
@@ -1,4 +1,3 @@
 semmle-extractor-options: /nostdlib /noconfig
-semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj
 semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../resources/stubs/_frameworks/Microsoft.AspNetCore.App/Microsoft.AspNetCore.App.csproj
 semmle-extractor-options: ${testdir}/../../../../resources/stubs/System.Web.cs
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-611/options b/csharp/ql/test/query-tests/Security Features/CWE-611/options
index d449cb3057f0..ea31b8476dd2 100644
--- a/csharp/ql/test/query-tests/Security Features/CWE-611/options	
+++ b/csharp/ql/test/query-tests/Security Features/CWE-611/options	
@@ -1 +1,2 @@
-semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Web.cs /r:System.Collections.Specialized.dll /r:System.Xml.ReaderWriter.dll /r:System.Private.Xml.dll /r:System.Runtime.Extensions.dll
+semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Web.cs
+semmle-extractor-options: /r:System.Collections.Specialized.dll /r:System.Xml.ReaderWriter.dll /r:System.Private.Xml.dll /r:System.Runtime.Extensions.dll
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-639/WebFormsTests/options b/csharp/ql/test/query-tests/Security Features/CWE-639/WebFormsTests/options
index a5d7077ef37a..9290f65d5b22 100644
--- a/csharp/ql/test/query-tests/Security Features/CWE-639/WebFormsTests/options	
+++ b/csharp/ql/test/query-tests/Security Features/CWE-639/WebFormsTests/options	
@@ -1,3 +1,3 @@
 semmle-extractor-options: /nostdlib /noconfig
 semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj
-semmle-extractor-options: ${testdir}/../../../../resources/stubs/System.Web.cs
\ No newline at end of file
+semmle-extractor-options: ${testdir}/../../../../resources/stubs/System.Web.cs
diff --git a/csharp/ql/test/resources/stubs/System.Net.cs b/csharp/ql/test/resources/stubs/System.Net.cs
index 939c70c792e8..49ad43b1d394 100644
--- a/csharp/ql/test/resources/stubs/System.Net.cs
+++ b/csharp/ql/test/resources/stubs/System.Net.cs
@@ -49,6 +49,7 @@ public class StringContent
     {
         public StringContent(string s) { }
     }
+
 }
 
 namespace System.Net.Mail
diff --git a/csharp/ql/test/resources/stubs/System.Web.Http.cs b/csharp/ql/test/resources/stubs/System.Web.Http.cs
new file mode 100644
index 000000000000..7cb6d36c74d4
--- /dev/null
+++ b/csharp/ql/test/resources/stubs/System.Web.Http.cs
@@ -0,0 +1,14 @@
+namespace System.Web.Http
+{
+    public class ApiController
+    {
+        public Microsoft.AspNetCore.Http.HttpContext Context => null;
+        public virtual Microsoft.AspNetCore.Mvc.RedirectResult Redirect(Uri location) => null;
+        public virtual Microsoft.AspNetCore.Mvc.RedirectResult Redirect(string location) => null;
+        public virtual ResponseMessageResult ResponseMessage(System.Net.Http.HttpResponseMessage response) => null;
+        public virtual Microsoft.AspNetCore.Mvc.RedirectToRouteResult RedirectToRoute(string routeName, object routeValues) => null;
+        public Microsoft.AspNetCore.Mvc.IUrlHelper Url { get; set; }
+    }
+
+    public class ResponseMessageResult { }
+}
diff --git a/csharp/ql/test/resources/stubs/System.Web.cs b/csharp/ql/test/resources/stubs/System.Web.cs
index d1942c07dc1d..f0572742f883 100644
--- a/csharp/ql/test/resources/stubs/System.Web.cs
+++ b/csharp/ql/test/resources/stubs/System.Web.cs
@@ -19,6 +19,15 @@ public class HttpRequestBase
     public class HttpResponseBase
     {
         public void Write(object obj) { }
+        public virtual void AppendHeader(string name, string value) { }
+        public virtual void Redirect(string url) { }
+        public virtual void RedirectPermanent(string url) { }
+        public virtual int StatusCode { get; set; }
+        public virtual void AddHeader(string name, string value) { }
+        public virtual void End() { }
+        public virtual string RedirectLocation { get; set; }
+        public virtual NameValueCollection Headers => null;
+
     }
 
     public class HttpContextBase
@@ -51,26 +60,40 @@ public class HttpApplication : IHttpHandler
     }
 }
 
-namespace System.Web.Http
-{
-    public class ApiController
-    {
-    }
-}
-
 namespace System.Web.Mvc
 {
     public class Controller
     {
         public ViewResult View() => null;
+        public HttpRequestBase Request => null;
+        public HttpResponseBase Response => null;
+        protected internal virtual RedirectResult RedirectPermanent(string url) => null;
+        protected internal RedirectToRouteResult RedirectToRoute(string routeName) => null;
+        public UrlHelper Url { get; set; }
+        protected internal virtual RedirectResult Redirect(string url) => null;
     }
 
     public class MvcHtmlString : HtmlString
     {
         public MvcHtmlString(string s) : base(s) { }
     }
+
+    public class RoutePrefixAttribute : Attribute
+    {
+        public virtual string Prefix { get; private set; }
+        public RoutePrefixAttribute(string prefix) { }
+    }
+
+    public sealed class RouteAttribute : Attribute
+    {
+
+        public RouteAttribute(string template) { }
+    }
+
+    public class RedirectToRouteResult : ActionResult { }
 }
 
+
 namespace System.Web.UI
 {
     public class Control
@@ -81,6 +104,7 @@ public class Page
     {
         public System.Security.Principal.IPrincipal User { get; }
         public System.Web.HttpRequest Request { get; }
+        public HttpResponse Response => null;
     }
 
     interface IPostBackDataHandler
@@ -153,6 +177,7 @@ public class HttpRequest
         public UnvalidatedRequestValues Unvalidated { get; }
         public string RawUrl { get; set; }
         public HttpCookieCollection Cookies => null;
+        public bool IsAuthenticated { get; set; }
     }
 
     public class HttpRequestWrapper : System.Web.HttpRequestBase
@@ -169,6 +194,13 @@ public void WriteFile(string s) { }
         public void AddHeader(string name, string value) { }
         public void Redirect(string url) { }
         public void AppendHeader(string name, string value) { }
+        public void End() { }
+        public string RedirectLocation { get; set; }
+        public int StatusCode { get; set; }
+        public void RedirectPermanent(string url) { }
+        public virtual NameValueCollection Headers { get; set; }
+
+
     }
 
     public class HttpContext : IServiceProvider
@@ -177,6 +209,7 @@ public class HttpContext : IServiceProvider
         public HttpResponse Response => null;
         public SessionState.HttpSessionState Session => null;
         public HttpServerUtility Server => null;
+        public static HttpContext Current => null;
     }
 
     public class HttpCookie
@@ -301,6 +334,15 @@ public class UrlHelper
         public UrlHelper(Routing.RequestContext requestContext) { }
         public virtual bool IsLocalUrl(string url) => false;
     }
+
+    public class RedirectResult : ActionResult
+    {
+        public bool Permanent { get; set; }
+        public string Url => null;
+
+        public RedirectResult(string url) : this(url, permanent: false) { }
+        public RedirectResult(string url, bool permanent) { }
+    }
 }
 
 namespace System.Web.Routing
@@ -390,7 +432,7 @@ public class JavaScriptSerializer
         public JavaScriptSerializer() => throw null;
         public JavaScriptSerializer(System.Web.Script.Serialization.JavaScriptTypeResolver resolver) => throw null;
         public object DeserializeObject(string input) => throw null;
-        public T Deserialize<T> (string input) => throw null;
+        public T Deserialize<T>(string input) => throw null;
         public object Deserialize(string input, Type targetType) => throw null;
     }