Safeguard
Tag

aspnet-core

Safeguard articles tagged "aspnet-core" — guides, analysis, and best practices for software supply chain and application security.

8 articles

Security Guides

Preventing CSRF and XSS in ASP.NET Core

How CSRF and XSS actually work against ASP.NET Core apps, and the concrete defenses, antiforgery tokens, Razor output encoding, CSP, and SameSite cookies, that shut them down.

Jul 7, 20266 min read
Security Guides

.NET Secrets Management: From User Secrets to Key Vault

How to keep connection strings, API keys, and certificates out of your .NET source and images, using the Secret Manager, environment configuration, managed identities, and a real vault.

Jul 6, 20265 min read
Security Guides

ASP.NET Core Security Checklist for Production

A production-ready ASP.NET Core security checklist covering authentication, headers, HTTPS, antiforgery, rate limiting, and data protection, with the exact configuration for .NET 8 and .NET 9.

Jul 2, 20265 min read
Security Guides

.NET Security Best Practices for 2026

A practical .NET security playbook covering dependency risk, deserialization, secrets, cryptography, and CI/CD hardening, with the config flags and CVEs that make each control real.

Jul 1, 20267 min read
Vulnerability Analysis

CVE-2020-0602: Denial of service in ASP.NET Core

A denial of service flaw in ASP.NET Core 3.0/3.1, patched January 2020. Unauthenticated, network-exploitable, high-severity impact on availability.

Sep 19, 20258 min read
Vulnerability Analysis

CVE-2020-1045: Security feature bypass in ASP.NET Core

CVE-2020-1045 lets attackers bypass CORS protections in ASP.NET Core apps. Here's what's affected, the risk context, and how to remediate it for good.

Sep 19, 20258 min read
Vulnerability Analysis

CVE-2022-29145: Denial of service in .NET SignalR/Network...

CVE-2022-29145 is a High-severity DoS flaw in .NET's networking stack affecting ASP.NET Core and SignalR. Here's the scope, timeline, and how to remediate it.

Sep 18, 20257 min read
Vulnerability Analysis

CVE-2022-29148: Denial of service in .NET Kestrel HTTP stack

CVE-2022-21986 is a CVSS 7.5 denial-of-service flaw in .NET Kestrel's HTTP/2 and HTTP/3 handling. Here's what's affected and how to remediate it.

Sep 18, 20257 min read
aspnet-core — Safeguard Blog