csharp
Safeguard articles tagged "csharp" — guides, analysis, and best practices for software supply chain and application security.
13 articles
Insecure Deserialization in .NET: BinaryFormatter and Beyond
Why insecure deserialization is a remote-code-execution risk in .NET, what changed with BinaryFormatter's removal in .NET 9, and the dangerous JSON.NET settings still in the wild.
Preventing SQL Injection with Entity Framework
EF Core parameterizes every standard LINQ query by default — the real injection risk lives in three raw-SQL escape hatches Microsoft documents but developers still misuse.
Preventing CSRF and XSS in ASP.NET Core
How CSRF and XSS actually work against ASP.NET Core apps, and the concrete defenses, antiforgery tokens, Razor output encoding, CSP, and SameSite cookies, that shut them down.
.NET Secrets Management: From User Secrets to Key Vault
How to keep connection strings, API keys, and certificates out of your .NET source and images, using the Secret Manager, environment configuration, managed identities, and a real vault.
C# Cryptography Best Practices in .NET
The right way to do cryptography in C#: authenticated encryption with AesGcm, secure randomness, PBKDF2 password hashing, constant-time comparison, and the legacy APIs to stop using.
Preventing SQL Injection in .NET with Entity Framework Core
How SQL injection still happens in Entity Framework Core apps, which EF Core APIs are safe by default, which ones aren't, and the exact patterns that keep raw SQL parameterized.
ASP.NET Core Security Checklist for Production
A production-ready ASP.NET Core security checklist covering authentication, headers, HTTPS, antiforgery, rate limiting, and data protection, with the exact configuration for .NET 8 and .NET 9.
C# Secure Coding Guide: Patterns That Prevent Real Bugs
A hands-on C# secure coding guide covering input validation, safe APIs, path traversal, injection, and the language-level patterns that keep vulnerabilities out of your code.
.NET Security Best Practices for 2026
A practical .NET security playbook covering dependency risk, deserialization, secrets, cryptography, and CI/CD hardening, with the config flags and CVEs that make each control real.
SQL Injection Prevention in C# with Entity Framework/LINQ
EF Core's LINQ layer parameterizes queries by default, but FromSqlRaw, ExecuteSqlRaw, and dynamic sort columns still open real SQL injection risk in .NET apps.
Path Traversal Prevention in C# with Path.GetFullPath
Path.GetFullPath resolves traversal sequences, but it isn't a sanitizer on its own. Here's how C# teams get containment checks wrong, and how to fix them.
Secure Random Number Generation in C# with RandomNumberGe...
Why System.Random is a security liability in C# and how RandomNumberGenerator prevents predictable tokens, nonces, and keys in .NET applications.