guardrailsio / Awesome Dotnet Security
Awesome .NET Security Resources
Stars: β 325
Labels
Projects that are alternatives of or similar to Awesome Dotnet Security
Security Tools
Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.
Stars: β 509 (+56.62%)
Mutual labels: static-analysis, security-tools, security-testing
Awesome Python Security
Awesome Python Security resources πΆππ
Stars: β 738 (+127.08%)
Mutual labels: static-analysis, security-tools, security-testing
Awesome Java Security
Awesome Java Security Resources πΆβπ
Stars: β 216 (-33.54%)
Mutual labels: static-analysis, security-tools, security-testing
Amdh
Android Mobile Device Hardening
Stars: β 95 (-70.77%)
Mutual labels: static-analysis, security-tools
Jsprime
a javascript static security analysis tool
Stars: β 556 (+71.08%)
Mutual labels: static-analysis, security-tools
Brakeman
A static analysis security vulnerability scanner for Ruby on Rails applications
Stars: β 6,281 (+1832.62%)
Mutual labels: static-analysis, security-tools
Huskyci
Performing security tests inside your CI
Stars: β 398 (+22.46%)
Mutual labels: static-analysis, security-tools
Njsscan
njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
Stars: β 128 (-60.62%)
Mutual labels: static-analysis, security-tools
Squealer
Telling tales on you for leaking secrets!
Stars: β 97 (-70.15%)
Mutual labels: static-analysis, security-tools
Vulny Code Static Analysis
Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex
Stars: β 207 (-36.31%)
Mutual labels: static-analysis, security-tools
Krane
Kubernetes RBAC static Analysis & visualisation tool
Stars: β 254 (-21.85%)
Mutual labels: static-analysis, security-tools
Insider
Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).
Stars: β 216 (-33.54%)
Mutual labels: static-analysis, security-tools
Hackertarget
π― HackerTarget ToolKit - Tools And Network Intelligence To Help Organizations With Attack Surface Discovery π―
Stars: β 320 (-1.54%)
Mutual labels: security-tools, security-testing
Salus
Security scanner coordinator
Stars: β 441 (+35.69%)
Mutual labels: static-analysis, security-tools
Gosec
Golang security checker
Stars: β 5,694 (+1652%)
Mutual labels: static-analysis, security-tools
Awesome Golang Security
Awesome Golang Security resources πΆπ
Stars: β 1,355 (+316.92%)
Mutual labels: static-analysis, security-tools
Wssat
WEB SERVICE SECURITY ASSESSMENT TOOL
Stars: β 360 (+10.77%)
Mutual labels: static-analysis, security-tools
Applicationinspector
A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.
Stars: β 3,873 (+1091.69%)
Mutual labels: static-analysis, security-tools
Securecodebox
secureCodeBox (SCB) - continuous secure delivery out of the box
Stars: β 279 (-14.15%)
Mutual labels: security-tools, security-testing
Nerve
NERVE Continuous Vulnerability Scanner
Stars: β 267 (-17.85%)
Mutual labels: security-tools, security-testing
A curated list of awesome .NET Security related resources.
List inspired by the awesome list thing.
Supported by: GuardRails.io
Contents
Tools
Libraries
- .NET Core Security Headers - Middleware for adding security headers to an ASP.NET Core application.
- NetEscapades.AspNetCore.SecurityHeaders - Small package to allow adding security headers to ASP.NET Core websites.
- HtmlSanitizer - Cleans HTML to avoid XSS attacks.
- JWT .NET - Jwt.Net, a JWT (JSON Web Token) implementation for .NET.
- NWebsec - Security libraries for ASP.NET.
- AspNetSaml - SAML client library, allows adding SAML single-sign-on to your ASP.NET app.
Static Code Analysis
- GuardRails - Continuous verification platform that integrates tightly with leading version control systems.
- Security Code Scan - Vulnerability Patterns Detector for C# and VB.NET.
- Puma Scan - Puma Scan is a .NET software secure code analysis tool providing real time, continuous source code analysis.
- DevSkim - DevSkim is a set of IDE plugins and rules that provide security "linting" capabilities.
- SonarQube - SonarC# and SonarVB are static code analyser for C# and VB.βNET languages used as an extension for the SonarQube and SonarCloud platforms. It will allow you to produce stable and easily supported code by helping you to find and to correct bugs, vulnerabilities and smells in your code.
Vulnerabilities and Security Advisories
- RetireNET - CLI extension to check your project for known vulnerabilities.
-
OWASP Dependency Check - Detects publicly disclosed vulnerabilities in application dependencies.
- NuGet tool package - Nuget tool package for OWASP Dependency Check
- Audit.NET - Identify known vulnerabilities in .net NuGet dependencies.
- Snyk - CLI and build-time tool to find & fix known vulnerabilities in open-source dependencies.
- .NET Security Announcements - Watch this repo to receive security announcements in .NET Core
- Snyk Vulnerability DB - Commercial but free listing of known vulnerabilities in NuGet libraries.
- Common Vulnerabilities and Exposures - Vulnerabilities in .NET Core that were assigned a CVE.
- National Vulnerability Database - .NET related known vulnerabilities in the National Vulnerability Database.
Educational
Hacking Playgrounds
- WebGoat.NET - OWASP WebGoat.NET
- Damn Vulnerable Thick Client App - DVTA is a Vulnerable Thick Client Application developed in C# .NET
- ASP.NET Vulnerable Site - Online .NET application that can be used to practice hacking.
Articles, Guides & Talks
- Anti-Request Forgery - Prevent Cross-Site Request Forgery (XSRF/CSRF) attacks.
- Prevent Cross-Site Scripting - Prevent Cross-Site Scripting (XSS).
- Protect Secrets in Development - Safe storage of app secrets in development
- .NET Security Cheat Sheet - Quick, basic .NET security tips for developers.
- Hardening the security of your ASP.NET core apps - Lessons learned after a third-party penetration test.
- Secure Coding Guidelines - Microsoft's take on secure coding guidelines.
- Security Headers - Adding Default Security Headers in .NET Core.
Other
Reporting Bugs
Contributing
Found an awesome project, package, article, or another type of resources related to .NET Security? Submit a pull request! Just follow the guidelines. Thank you!
License
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].