I want to check for and validate security threats in my C#/ASP.NET application and wanted to know if there are any C#/ASP.NET security libraries which can check against common attacks, i.e. session hijacking, DoS, script injection, etc.?
There is the Anti-Cross Site Scripting Library from Microsoft:
AntiXSS helps you to protect your current applications from cross-site scripting attacks, at the same time helping you to protect your legacy application with its Security Runtime Engine. Working with customer and partner feedback, AntiXSS incorporates radically and innovatively rethought features, offering you a newer, more powerful weapon against the often employed cross-site scripting (XSS) attack. AntiXSS gives you:
- Improved Performance. AntiXSS has been completely rewritten with performance in mind, and yet retains the fundamental protection from XSS attacks that you have come to rely on for your applications.
- Secure Globalization. The web is a global market place, and cross-site scripting is a global issue. An attack can be coded anywhere, and Anti-XSS now protects against XSS attacks coded in dozens of languages.
- Standards Compliance. AntiXSS is written to comply with modern web standards. You can protect your web application without adversely affecting its UI.
Many other security features are baked into ASP.NET and IIS and as far as SQL is concerned, you should be using parameterized queries.
On the web front, there are also a couple of .NET projects listed on the OWASP projects page:
The OWASP .NET project:
The purpose of the OWASP .NET Project is to provide a central repository of information and tools for software professionals that use the Microsoft .NET Framework for web applications and services.
AntiSamy.NET:
The OWASP AntiSamy .NET project is a few things. Technically, it is an API for ensuring user-supplied HTML/CSS is in compliance within an application's rules.
You may also want to take a look at the new IIS vulnerability scanner by Troy Hunt - ASafaWeb.
The Netsparker Community Edition (free) allows you to scan your site for XSS and SQL injection vulnerabilities, but isn't a library as such. It gives good descriptions of vulnerabilities and ways to cover them.