Safeguard
Tag

dotnet

Safeguard articles tagged "dotnet" — guides, analysis, and best practices for software supply chain and application security.

33 articles

Security Guides

.NET Security Best Practices for 2026

A practical .NET security playbook covering dependency risk, deserialization, secrets, cryptography, and CI/CD hardening, with the config flags and CVEs that make each control real.

Jul 1, 20267 min read
Supply Chain

NuGet's September 2025 Trusted Publishing Launch and the 2026 Signing Roadmap

NuGet became the fifth major registry to ship Trusted Publishing in September 2025, with .NET package signing and ID prefix reservation forming a complete trust-signal stack for the ecosystem.

May 12, 20266 min read
Open Source Security

NuGet Package Signing Status in 2026

NuGet package signing has quietly become one of the stricter supply chain stories in mainstream ecosystems. Here is what .NET teams actually need to know.

Feb 17, 20267 min read
Engineering

Securing the .NET NuGet Supply Chain

Package source mapping, packages.lock.json, NuGetAudit and signature verification — .NET ships more built-in supply chain controls than any other ecosystem. Most teams enable none of them.

Nov 24, 20256 min read
Industry Analysis

Path Traversal Prevention in C# with Path.GetFullPath

Path.GetFullPath resolves traversal sequences, but it isn't a sanitizer on its own. Here's how C# teams get containment checks wrong, and how to fix them.

Oct 24, 20257 min read
Industry Analysis

Secure Random Number Generation in C# with RandomNumberGe...

Why System.Random is a security liability in C# and how RandomNumberGenerator prevents predictable tokens, nonces, and keys in .NET applications.

Oct 19, 20256 min read
Vulnerability Analysis

CVE-2020-0602: Denial of service in ASP.NET Core

A denial of service flaw in ASP.NET Core 3.0/3.1, patched January 2020. Unauthenticated, network-exploitable, high-severity impact on availability.

Sep 19, 20258 min read
Vulnerability Analysis

CVE-2020-1045: Security feature bypass in ASP.NET Core

CVE-2020-1045 lets attackers bypass CORS protections in ASP.NET Core apps. Here's what's affected, the risk context, and how to remediate it for good.

Sep 19, 20258 min read
Vulnerability Analysis

CVE-2022-29117: Regular expression denial of service in .NET

CVE-2022-29117 is a regular expression denial-of-service vulnerability in .NET that lets attackers exhaust CPU with crafted input. Here's what to patch and why.

Sep 19, 20258 min read
Vulnerability Analysis

CVE-2022-29145: Denial of service in .NET SignalR/Network...

CVE-2022-29145 is a High-severity DoS flaw in .NET's networking stack affecting ASP.NET Core and SignalR. Here's the scope, timeline, and how to remediate it.

Sep 18, 20257 min read
Vulnerability Analysis

CVE-2022-38013: Denial of service in .NET via crafted req...

A denial-of-service flaw in .NET, CVE-2022-38013, let attackers crash apps with crafted requests. Here is what is affected, the risk, and how to remediate it.

Sep 18, 20257 min read
Vulnerability Analysis

CVE-2023-33170: Denial of service in .NET SocketsHttpHandler

A memory-allocation flaw in .NET's SocketsHttpHandler (CVE-2022-23267) let malicious HTTP responses trigger denial of service in HttpClient-based apps.

Sep 17, 20258 min read
dotnet (Page 2) — Safeguard Blog