dotnet
Safeguard articles tagged "dotnet" — guides, analysis, and best practices for software supply chain and application security.
33 articles
.NET Security Best Practices for 2026
A practical .NET security playbook covering dependency risk, deserialization, secrets, cryptography, and CI/CD hardening, with the config flags and CVEs that make each control real.
NuGet's September 2025 Trusted Publishing Launch and the 2026 Signing Roadmap
NuGet became the fifth major registry to ship Trusted Publishing in September 2025, with .NET package signing and ID prefix reservation forming a complete trust-signal stack for the ecosystem.
NuGet Package Signing Status in 2026
NuGet package signing has quietly become one of the stricter supply chain stories in mainstream ecosystems. Here is what .NET teams actually need to know.
Securing the .NET NuGet Supply Chain
Package source mapping, packages.lock.json, NuGetAudit and signature verification — .NET ships more built-in supply chain controls than any other ecosystem. Most teams enable none of them.
Path Traversal Prevention in C# with Path.GetFullPath
Path.GetFullPath resolves traversal sequences, but it isn't a sanitizer on its own. Here's how C# teams get containment checks wrong, and how to fix them.
Secure Random Number Generation in C# with RandomNumberGe...
Why System.Random is a security liability in C# and how RandomNumberGenerator prevents predictable tokens, nonces, and keys in .NET applications.
CVE-2020-0602: Denial of service in ASP.NET Core
A denial of service flaw in ASP.NET Core 3.0/3.1, patched January 2020. Unauthenticated, network-exploitable, high-severity impact on availability.
CVE-2020-1045: Security feature bypass in ASP.NET Core
CVE-2020-1045 lets attackers bypass CORS protections in ASP.NET Core apps. Here's what's affected, the risk context, and how to remediate it for good.
CVE-2022-29117: Regular expression denial of service in .NET
CVE-2022-29117 is a regular expression denial-of-service vulnerability in .NET that lets attackers exhaust CPU with crafted input. Here's what to patch and why.
CVE-2022-29145: Denial of service in .NET SignalR/Network...
CVE-2022-29145 is a High-severity DoS flaw in .NET's networking stack affecting ASP.NET Core and SignalR. Here's the scope, timeline, and how to remediate it.
CVE-2022-38013: Denial of service in .NET via crafted req...
A denial-of-service flaw in .NET, CVE-2022-38013, let attackers crash apps with crafted requests. Here is what is affected, the risk, and how to remediate it.
CVE-2023-33170: Denial of service in .NET SocketsHttpHandler
A memory-allocation flaw in .NET's SocketsHttpHandler (CVE-2022-23267) let malicious HTTP responses trigger denial of service in HttpClient-based apps.