Full Code of guardrailsio/awesome-dotnet-security for AI

Repository: guardrailsio/awesome-dotnet-security
Branch: master
Commit: 98be66b9b200
Files: 3
Total size: 10.4 KB

Directory structure:
gitextract_5komiwf0/

├── CONTRIBUTING.md
├── README.md
└── code-of-conduct.md

================================================
FILE CONTENTS
================================================

================================================
FILE: CONTRIBUTING.md
================================================
# Contribution Guidelines

1. Read and adhere to the [Code-of-Conduct](./code-of-conduct.md)
2. Make sure you put things in the right category!
3. Always add your items to the end of a list. To be fair, the order is first-come-first-serve.
4. If you think something belongs in the wrong category, or think there needs to be a new category, feel free to edit things too.

Please ensure your pull request adheres to the following guidelines:

- Search previous suggestions before making a new one, as yours may be a duplicate.
- Suggested READMEs should be beautiful or stand out in some way.
- Make an individual pull request for each suggestion.
- New categories, or improvements to the existing categorization are welcome.
- Keep descriptions short and simple, but descriptive.
- Start the description with a capital and end with a full stop/period.
- Check your spelling and grammar.
- Make sure your text editor is set to remove trailing whitespace.

Thank you for your suggestions!


================================================
FILE: README.md
================================================
<br/>
<div align="center">

A curated list of awesome .NET Security related resources.

[![Awesome](https://awesome.re/badge.svg)](https://awesome.re)

_List inspired by the [awesome](https://github.com/sindresorhus/awesome) list thing._

Supported by: [GuardRails.io](https://www.guardrails.io)

</div>
<br/>

# Contents
- [Tools](#tools)
- [Educational](#educational)
- [Companies](#companies)
- [Other](#other)

# Tools

## Libraries

- [.NET Core Security Headers](https://github.com/juunas11/aspnetcore-security-headers) - Middleware for adding security headers to an ASP.NET Core application.
- [NetEscapades.AspNetCore.SecurityHeaders](https://github.com/andrewlock/NetEscapades.AspNetCore.SecurityHeaders) - Small package to allow adding security headers to ASP.NET Core websites.
- [HtmlSanitizer](https://github.com/mganss/HtmlSanitizer) - Cleans HTML to avoid XSS attacks.
- [JWT .NET](https://github.com/jwt-dotnet/jwt) - Jwt.Net, a JWT (JSON Web Token) implementation for .NET.
- [NWebsec](https://github.com/NWebsec/NWebsec) - Security libraries for ASP.NET.
- [AspNetSaml](https://github.com/jitbit/AspNetSaml) - SAML client library, allows adding SAML single-sign-on to your ASP.NET app.
- [AspNetCoreRateLimit](https://github.com/stefanprodan/AspNetCoreRateLimit) - Package that will let you set rate limits for your .NET Core Api.

## Static Code Analysis

- [GuardRails](https://www.guardrails.io) - Continuous verification platform that integrates tightly with leading version control systems.
- [Security Code Scan](https://github.com/security-code-scan/security-code-scan) - Vulnerability Patterns Detector for C# and VB.NET.
- [Puma Scan](https://github.com/pumasecurity/puma-scan) - Puma Scan is a .NET software secure code analysis tool providing real time, continuous source code analysis.
- [DevSkim](https://github.com/Microsoft/DevSkim) - DevSkim is a set of IDE plugins and rules that provide security "linting" capabilities.
- [SonarQube](https://github.com/SonarSource/sonar-dotnet) - SonarC# and SonarVB are static code analyser for C# and VB.​NET languages used as an extension for the SonarQube and SonarCloud platforms. It will allow you to produce stable and easily supported code by helping you to find and to correct bugs, vulnerabilities and smells in your code.

## Vulnerabilities and Security Advisories

- [RetireNET](https://github.com/RetireNet/dotnet-retire) - CLI extension to check your project for known vulnerabilities.
- [OWASP Dependency Check](https://github.com/jeremylong/DependencyCheck) - Detects publicly disclosed vulnerabilities in application dependencies.
  - [NuGet tool package](https://www.nuget.org/packages/DependencyCheck.Runner.Tool/) - Nuget tool package for OWASP Dependency Check
- [Audit.NET](https://github.com/OSSIndex/audit.net) - Identify known vulnerabilities in .net NuGet dependencies.
- [Snyk](https://github.com/snyk/snyk) - CLI and build-time tool to find & fix known vulnerabilities in open-source dependencies.
- [.NET Security Announcements](https://github.com/dotnet/announcements/issues?q=is%3Aopen+is%3Aissue+label%3ASecurity) - Watch this repo to receive security announcements in .NET Core
- [Snyk Vulnerability DB](https://snyk.io/vuln?type=nuget) - Commercial but free listing of known vulnerabilities in NuGet libraries.
- [Common Vulnerabilities and Exposures](https://www.cvedetails.com/product/42998/Microsoft-Asp.net-Core.html?vendor_id=26) - Vulnerabilities in .NET Core that were assigned a CVE.
- [National Vulnerability Database](https://nvd.nist.gov/vuln/search/results?form_type=Basic&results_type=overview&query=ASP.NET&queryType=phrase&search_type=all) - .NET related known vulnerabilities in the National Vulnerability Database.

# Educational

## Hacking Playgrounds

- [WebGoat.NET](https://github.com/jerryhoff/WebGoat.NET) - OWASP WebGoat.NET
- [Damn Vulnerable Thick Client App](https://github.com/secvulture/dvta) - DVTA is a Vulnerable Thick Client Application developed in C# .NET
- [ASP.NET Vulnerable Site](http://aspnet.testsparker.com) - Online .NET application that can be used to practice hacking.
- [The Most Vulnerable .NET App](https://github.com/AlexGoOn/the-most-vulnerable-dotnet-app) - A GitHub repository featuring an application with over 50 interactive security vulnerabilities.

## Articles, Guides & Talks

- [Anti-Request Forgery](https://docs.microsoft.com/en-us/aspnet/core/security/anti-request-forgery?view=aspnetcore-2.2) - Prevent Cross-Site Request Forgery (XSRF/CSRF) attacks.
- [Prevent Cross-Site Scripting](https://docs.microsoft.com/en-us/aspnet/core/security/cross-site-scripting?view=aspnetcore-2.2) - Prevent Cross-Site Scripting (XSS).
- [Protect Secrets in Development](https://docs.microsoft.com/en-us/aspnet/core/security/app-secrets?view=aspnetcore-2.2) - Safe storage of app secrets in development
- [.NET Security Cheat Sheet](https://www.owasp.org/index.php/.NET_Security_Cheat_Sheet) - Quick, basic .NET security tips for developers.
- [Hardening the security of your ASP.NET core apps](https://geeklearning.io/hardening-the-security-of-your-asp-net-core-apps/) - Lessons learned after a third-party penetration test.
- [Secure Coding Guidelines](https://docs.microsoft.com/en-us/dotnet/standard/security/secure-coding-guidelines) - Microsoft's take on secure coding guidelines.
- [Security Headers](https://andrewlock.net/adding-default-security-headers-in-asp-net-core/) - Adding Default Security Headers in .NET Core.
- [The ASP.NET Core security headers guide](https://blog.elmah.io/the-asp-net-core-security-headers-guide/) - Another take on adding security headers in ASP.NET Core.
- [Security Best Practices for ASP.NET MVC](https://jamilhallal.blogspot.com/2021/08/building-secure-aspnet-mvc-web.html) - Building Secure ASP.NET MVC Web Applications.

# Other

## Reporting Bugs

- [Report a Security Issue](https://www.microsoft.com/en-us/msrc/faqs-report-an-issue)

## Contributing

Found an awesome project, package, article, or another type of resources related to .NET Security? Submit a pull request!
Just follow the [guidelines](/CONTRIBUTING.md). Thank you!

## License

[![CC0](http://mirrors.creativecommons.org/presskit/buttons/88x31/svg/cc-zero.svg)](http://creativecommons.org/publicdomain/zero/1.0/)


================================================
FILE: code-of-conduct.md
================================================
# Contributor Covenant Code of Conduct

## Our Pledge

In the interest of fostering an open and welcoming environment, we as
contributors and maintainers pledge to making participation in our project and
our community a harassment-free experience for everyone, regardless of age, body
size, disability, ethnicity, sex characteristics, gender identity and expression,
level of experience, education, socio-economic status, nationality, personal
appearance, race, religion, or sexual identity and orientation.

## Our Standards

Examples of behavior that contributes to creating a positive environment
include:

* Using welcoming and inclusive language
* Being respectful of differing viewpoints and experiences
* Gracefully accepting constructive criticism
* Focusing on what is best for the community
* Showing empathy towards other community members

Examples of unacceptable behavior by participants include:

* The use of sexualized language or imagery and unwelcome sexual attention or
  advances
* Trolling, insulting/derogatory comments, and personal or political attacks
* Public or private harassment
* Publishing others' private information, such as a physical or electronic
  address, without explicit permission
* Other conduct which could reasonably be considered inappropriate in a
  professional setting

## Our Responsibilities

Project maintainers are responsible for clarifying the standards of acceptable
behavior and are expected to take appropriate and fair corrective action in
response to any instances of unacceptable behavior.

Project maintainers have the right and responsibility to remove, edit, or
reject comments, commits, code, wiki edits, issues, and other contributions
that are not aligned to this Code of Conduct, or to ban temporarily or
permanently any contributor for other behaviors that they deem inappropriate,
threatening, offensive, or harmful.

## Scope

This Code of Conduct applies both within project spaces and in public spaces
when an individual is representing the project or its community. Examples of
representing a project or community include using an official project e-mail
address, posting via an official social media account, or acting as an appointed
representative at an online or offline event. Representation of a project may be
further defined and clarified by project maintainers.

## Enforcement

Instances of abusive, harassing, or otherwise unacceptable behavior may be
reported by contacting the project team at [support@guardrails.io](mailto:support@guardrails.io). All
complaints will be reviewed and investigated and will result in a response that
is deemed necessary and appropriate to the circumstances. The project team is
obligated to maintain confidentiality with regard to the reporter of an incident.
Further details of specific enforcement policies may be posted separately.

Project maintainers who do not follow or enforce the Code of Conduct in good
faith may face temporary or permanent repercussions as determined by other
members of the project's leadership.

## Attribution

This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html

[homepage]: https://www.contributor-covenant.org

For answers to common questions about this code of conduct, see
https://www.contributor-covenant.org/faq