Safeguard
Tag

dotnet

Safeguard articles tagged "dotnet" — guides, analysis, and best practices for software supply chain and application security.

33 articles

Container Security

Best practices for containerizing .NET applications securely

.NET 8 gave containers a built-in non-root user and chiseled images that cut one team's CVE count 92% — most Dockerfiles still don't use either.

Jul 13, 20266 min read
Security Guides

Insecure Deserialization in .NET: BinaryFormatter and Beyond

Why insecure deserialization is a remote-code-execution risk in .NET, what changed with BinaryFormatter's removal in .NET 9, and the dangerous JSON.NET settings still in the wild.

Jul 8, 20265 min read
Supply Chain Attacks

The Moq NuGet incident: how a mocking library harvested developer emails

In August 2023, Moq v4.20.0 quietly ran git config at build time and phoned home 10,356 times before anyone pulled it — via a dependency nobody vetted.

Jul 8, 20266 min read
Application Security

Preventing SQL Injection with Entity Framework

EF Core parameterizes every standard LINQ query by default — the real injection risk lives in three raw-SQL escape hatches Microsoft documents but developers still misuse.

Jul 8, 20266 min read
Security Guides

.NET Secrets Management: From User Secrets to Key Vault

How to keep connection strings, API keys, and certificates out of your .NET source and images, using the Secret Manager, environment configuration, managed identities, and a real vault.

Jul 6, 20265 min read
Security Guides

C# Cryptography Best Practices in .NET

The right way to do cryptography in C#: authenticated encryption with AesGcm, secure randomness, PBKDF2 password hashing, constant-time comparison, and the legacy APIs to stop using.

Jul 5, 20265 min read
Security Guides

.NET Dependency Vulnerability Scanning: A Practical Guide

How to scan .NET dependencies for known vulnerabilities using dotnet list package, NuGet audit, and reachability-aware SCA, and how to wire it into CI so nothing ships with a known critical.

Jul 4, 20265 min read
Security Guides

Scanning NuGet Packages for Vulnerabilities in .NET

The .NET SDK ships a built-in vulnerability scanner: dotnet list package --vulnerable. Here is how to audit NuGet dependencies with it — and where to go beyond it.

Jul 4, 20265 min read
Security Guides

NuGet Supply Chain Security: Protecting Your .NET Dependencies

How NuGet supply chain attacks work, from dependency confusion to typosquatting, and the concrete controls, lock files, source mapping, and signing, that lock down your .NET build.

Jul 4, 20265 min read
Security Guides

Preventing SQL Injection in .NET with Entity Framework Core

How SQL injection still happens in Entity Framework Core apps, which EF Core APIs are safe by default, which ones aren't, and the exact patterns that keep raw SQL parameterized.

Jul 3, 20266 min read
Security Guides

ASP.NET Core Security Checklist for Production

A production-ready ASP.NET Core security checklist covering authentication, headers, HTTPS, antiforgery, rate limiting, and data protection, with the exact configuration for .NET 8 and .NET 9.

Jul 2, 20265 min read
Security Guides

C# Secure Coding Guide: Patterns That Prevent Real Bugs

A hands-on C# secure coding guide covering input validation, safe APIs, path traversal, injection, and the language-level patterns that keep vulnerabilities out of your code.

Jul 1, 20266 min read
dotnet — Safeguard Blog