10 Points to Secure Your ASP.NET Core MVC Applications 

Broken authentication and session management

Sensitive Data Exposure & Audit trail

Cross-Site Scripting (XSS) attacks

Malicious File Upload

Security Misconfiguration (Error Handling Must Setup Custom Error Page)

Version Discloser

Cross-Site Request Forgery (CSRF)

XML External Entities (XXE)

Insecure Deserialization

SQL Injection Attack