With .NET 5 released in November, it’s a good time to talk about some of the many improvements in the networking stack. This includes improvements around HTTP, Sockets, networking-related security, and other networking primitives. In this post, I will highlight some of the more impactful and interesting changes in the release.
Visual Studio 2017 15.9.22 released
Issues Fixed in 15.9.22
Security Advisory Notices
Visual Studio 2017 15.9.19 released
Issues Fixed in 15.9.19
- Fixed an issue in C++ optimizer where the impact of writing to unknown memory inside a call wasn’t properly accounted for in the caller.
Security Advisory Notices
Visual Studio 2017 15.9.16 released
Issues Fixed in 15.9.16
- Assembly does not match code for function
- System.InvalidProgramException: Common Language Runtime detected an invalid program. when instrumenting x64 projects
- Cross-EH mode inlining of noexcept code produces unexpected behavior
- Corrected issue with HTML Help Workshop failing to repair.
Security Advisory Notices
- Functional Defects
- Problems with the logic
- Missing Validation (e.g., edge cases)
- Usage of API
- Design Patterns
- Architectural Issues
- Testability
- Readability
- Security
- Naming conventions
- Team Coding Style
- Documentation
- Use of best practices
- Language-specific issues
- Use of deprecated methods
- Performance (e.g., complexity of the solution)
- Alternative solutions…
NetEscapades.AspNetCore.SecurityHeaders
A small package for adding security headers to ASP.NET Core websites. Example:
```csharp
public void Configure(IApplicationBuilder app)
{
    var policyCollection = new HeaderPolicyCollection()
        .AddFrameOptionsDeny()
        .AddXssProtectionBlock()
        .AddContentTypeOptionsNoSniff()
        .AddStrictTransportSecurityMaxAgeIncludeSubDomains(maxAgeInSeconds: 60 * 60 * 24 * 365) // maxage = one year in seconds
        .AddReferrerPolicyStrictOriginWhenCrossOrigin()
        .RemoveServerHeader()
        .AddContentSecurityPolicy(builder =>
        {
            builder.AddObjectSrc().None();
            builder.AddFormAction().Self();
            builder.AddFrameAncestors().None();
        })
        .AddCustomHeader("X-My-Test-Header", "Header value");

    app.UseSecurityHeaders(policyCollection);

    // other middleware e.g. static files, MVC etc
}
```
10 Points to Secure Your ASP.NET Core MVC Applications
Broken authentication and session management
Sensitive Data Exposure & Audit trail
Cross-Site Scripting (XSS) attacks
Malicious File Upload
Security Misconfiguration (Error Handling Must Set Up Custom Error Page)
Version Disclosure
Cross-Site Request Forgery (CSRF)
XML External Entities (XXE)
Insecure Deserialization
SQL Injection Attack
Some of the changes:
- Fixed defects and issues related to the Microsoft Edge browser
- Fixed an issue running applications that access a Microsoft Jet database through the Access 97 file format
- Fixed an issue where LmCompatibilityLevel values were not set correctly on some PCs
- Added preliminary support for HTTP Strict Transport Security (HSTS) in the Microsoft Edge browser and Internet Explorer 11