aspnet-core
Safeguard articles tagged "aspnet-core" — guides, analysis, and best practices for software supply chain and application security.
8 articles
Preventing CSRF and XSS in ASP.NET Core
How CSRF and XSS actually work against ASP.NET Core apps, and the concrete defenses, antiforgery tokens, Razor output encoding, CSP, and SameSite cookies, that shut them down.
.NET Secrets Management: From User Secrets to Key Vault
How to keep connection strings, API keys, and certificates out of your .NET source and images, using the Secret Manager, environment configuration, managed identities, and a real vault.
ASP.NET Core Security Checklist for Production
A production-ready ASP.NET Core security checklist covering authentication, headers, HTTPS, antiforgery, rate limiting, and data protection, with the exact configuration for .NET 8 and .NET 9.
.NET Security Best Practices for 2026
A practical .NET security playbook covering dependency risk, deserialization, secrets, cryptography, and CI/CD hardening, with the config flags and CVEs that make each control real.
CVE-2020-0602: Denial of service in ASP.NET Core
A denial of service flaw in ASP.NET Core 3.0/3.1, patched January 2020. Unauthenticated, network-exploitable, high-severity impact on availability.
CVE-2020-1045: Security feature bypass in ASP.NET Core
CVE-2020-1045 lets attackers bypass CORS protections in ASP.NET Core apps. Here's what's affected, the risk context, and how to remediate it for good.
CVE-2022-29145: Denial of service in .NET SignalR/Network...
CVE-2022-29145 is a High-severity DoS flaw in .NET's networking stack affecting ASP.NET Core and SignalR. Here's the scope, timeline, and how to remediate it.
CVE-2022-29148: Denial of service in .NET Kestrel HTTP stack
CVE-2022-21986 is a CVSS 7.5 denial-of-service flaw in .NET Kestrel's HTTP/2 and HTTP/3 handling. Here's what's affected and how to remediate it.