Safeguard
Tag

csharp

Safeguard articles tagged "csharp" — guides, analysis, and best practices for software supply chain and application security.

13 articles

Security Guides

Insecure Deserialization in .NET: BinaryFormatter and Beyond

Why insecure deserialization is a remote-code-execution risk in .NET, what changed with BinaryFormatter's removal in .NET 9, and the dangerous JSON.NET settings still in the wild.

Jul 8, 20265 min read
Application Security

Preventing SQL Injection with Entity Framework

EF Core parameterizes every standard LINQ query by default — the real injection risk lives in three raw-SQL escape hatches Microsoft documents but developers still misuse.

Jul 8, 20266 min read
Security Guides

Preventing CSRF and XSS in ASP.NET Core

How CSRF and XSS actually work against ASP.NET Core apps, and the concrete defenses, antiforgery tokens, Razor output encoding, CSP, and SameSite cookies, that shut them down.

Jul 7, 20266 min read
Security Guides

.NET Secrets Management: From User Secrets to Key Vault

How to keep connection strings, API keys, and certificates out of your .NET source and images, using the Secret Manager, environment configuration, managed identities, and a real vault.

Jul 6, 20265 min read
Security Guides

C# Cryptography Best Practices in .NET

The right way to do cryptography in C#: authenticated encryption with AesGcm, secure randomness, PBKDF2 password hashing, constant-time comparison, and the legacy APIs to stop using.

Jul 5, 20265 min read
Security Guides

Preventing SQL Injection in .NET with Entity Framework Core

How SQL injection still happens in Entity Framework Core apps, which EF Core APIs are safe by default, which ones aren't, and the exact patterns that keep raw SQL parameterized.

Jul 3, 20266 min read
Security Guides

ASP.NET Core Security Checklist for Production

A production-ready ASP.NET Core security checklist covering authentication, headers, HTTPS, antiforgery, rate limiting, and data protection, with the exact configuration for .NET 8 and .NET 9.

Jul 2, 20265 min read
Security Guides

C# Secure Coding Guide: Patterns That Prevent Real Bugs

A hands-on C# secure coding guide covering input validation, safe APIs, path traversal, injection, and the language-level patterns that keep vulnerabilities out of your code.

Jul 1, 20266 min read
Security Guides

.NET Security Best Practices for 2026

A practical .NET security playbook covering dependency risk, deserialization, secrets, cryptography, and CI/CD hardening, with the config flags and CVEs that make each control real.

Jul 1, 20267 min read
Regulatory Compliance

SQL Injection Prevention in C# with Entity Framework/LINQ

EF Core's LINQ layer parameterizes queries by default, but FromSqlRaw, ExecuteSqlRaw, and dynamic sort columns still open real SQL injection risk in .NET apps.

Oct 26, 20258 min read
Industry Analysis

Path Traversal Prevention in C# with Path.GetFullPath

Path.GetFullPath resolves traversal sequences, but it isn't a sanitizer on its own. Here's how C# teams get containment checks wrong, and how to fix them.

Oct 24, 20257 min read
Industry Analysis

Secure Random Number Generation in C# with RandomNumberGe...

Why System.Random is a security liability in C# and how RandomNumberGenerator prevents predictable tokens, nonces, and keys in .NET applications.

Oct 19, 20256 min read
csharp — Safeguard Blog