Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Are there any C#/asp.net Security libraries available?

Tags:

c#

security

asp.net

I want to check for and validate security threats in my C#/Asp.net application and wanted to know if there are any C#, asp.net security libraries which can check against common attacks i.e. session hijacking, DoS, script injection etc?

like image 528
InfoLearner Avatar asked Feb 21 '23 23:02

InfoLearner

2 Answers

There is the Anti-Cross Site Scripting Library from Microsoft:

AntiXSS helps you to protect your current applications from cross-site scripting attacks, at the same time helping you to protect your legacy application with its Security Runtime Engine. Working with customer and partner feedback, AntiXSS incorporates radically and innovatively rethought features, offering you a newer, more powerful weapon against the often employed cross-site scripting (XSS) attack. AntiXSS gives you:

  • Improved Performance. AntiXSS has been completely rewritten with performance in mind, and yet retains the fundamental protection from XSS attacks that you have come to rely on for your applications.
  • Secure Globalization. The web is a global market place, and cross-site scripting is a global issue. An attack can be coded anywhere, and Anti-XSS now protects against XSS attacks coded in dozens of languages.
  • Standards Compliance. AntiXSS is written to comply with modern web standards. You can protect your web application without adversely affecting its UI.

Many other security features are baked into ASP.NET and IIS and as far as SQL is concerned, you should be using parameterized queries.

On the web front, there are also a couple of .NET projects listed on the OWASP projects page:

The OWASP .NET project:

The purpose of the OWASP .NET Project is to provide a central repository of information and tools for software professionals that use the Microsoft .NET Framework for web applications and services.

AntiSamy.NET:

The OWASP AntiSamy .NET project is a few things. Technically, it is an API for ensuring user-supplied HTML/CSS is in compliance within an application's rules.

You may also want to take a look at the new IIS vulnerability scanner by Troy Hunt - asafaweb.

like image 114
Oded Avatar answered Mar 05 '23 19:03

Oded

The netsparker community edition (free) allows you to scan your site for XSS, sql injection vulnerabilities - but isn't a library as such. It gives good descriptions of vulnerabilities and ways to cover them.

like image 21
amelvin Avatar answered Mar 05 '23 20:03

amelvin
Sign in to Comment

Related questions

How to paste 12 consecutive digit numbers into 4 text boxes using TextChanged property?
OpenPop - Gmail - GetMessageCount() returns 0 (zero)
Object initializers in C# cause compile-time error
Page.Header.Controls.Add(control) is adding controls to <body> not <head>
Parameter Delimiters
ReSharper naming style for event methods
Parsing an HL7 without a priori messageType knowledge
Recursion in Constructor
LINQ query over a list of Bool+String pairs. How to join strings without foreach?
Running cmd.exe with arguments from c#
Excel Solver : Non linear least squares equivalent in C#
Calling a method on every instance of a type in c#
How to differentiate between value-type, nullable value-type, enum, nullable-enum, reference-types through reflection?
C# html to pdf converter using wkhtmltopdf or any other free tools [closed]
Access violation calling Win API from C# using DllImport
How get properties for a inherits class
WPF Resizing/Aligning Buttons when parent window resized
How to prevent users from copying text from RichTextBox in a C# application?
How to initialise a custom HTTP Context or HttpContextBase
ASP.NET GridView Sorting Implementation & Event Handling

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!