Simplify your .NET Application Security Headers

Intro
Hi guys, today I want to share a NuGet package that is really helpful and reduces the headache of setting up security best practices, especially for a Web API or website.
Security headers help protect web applications from common vulnerabilities by instructing browsers on how to handle certain aspects of content and communication.
Introducing NetEscapades.AspNetCore.SecurityHeaders, which was created by one of my favourite .NET idols, https://andrewlock.net/. This NuGet package improves your security posture with minimal effort by adding the X-Frame-Options, X-XSS-Protection, X-Content-Type-Options and Strict-Transport-Security headers and removing the X-Powered-By header. Pretty nice, right? 😊
Let's check
First, let's check the initial security headers of a website or API. For this example I'm using my current website. Navigate to Security Headers and paste your website address there for scanning.
Initial Scan
Pretty sad 😭, I only got a 'D' from the scan.
Wire Up the Package
Install the package using NuGet:
NetEscapades.AspNetCore.SecurityHeaders
Then you just need to add one line of code, app.UseSecurityHeaders(), to your Program.cs, as shown below:
// ... code
app.UseSecurityHeaders();
// ... more code
After Applying the Code
The result improves from 'D' to 'A' 🚀. Nice, right? And yes, you can customize the security headers according to your needs:
app.UseSecurityHeaders(policies =>
    policies
        .AddDefaultSecurityHeaders()
        .AddStrictTransportSecurityMaxAgeIncludeSubDomains(maxAgeInSeconds: 63072000)
);
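To keep the grade from regressing without relying on the external scanner, the headers listed in this post can also be checked locally, for example in CI. The script below is an added example, not part of the package or the original post; the names parse_headers and audit_headers and both sample responses are constructed for illustration.

```python
import re

# Headers the post says the package adds, and the one it removes.
REQUIRED = ("X-Frame-Options", "X-XSS-Protection",
            "X-Content-Type-Options", "Strict-Transport-Security")
FORBIDDEN = ("X-Powered-By",)
MIN_HSTS_MAX_AGE = 63072000  # value used in the post's customized policy


def parse_headers(raw):
    """Parse a raw HTTP response head into {lowercased-name: value}."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # a blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def audit_headers(raw, min_hsts=MIN_HSTS_MAX_AGE):
    """Return a list of findings; an empty list means the check passed."""
    h = parse_headers(raw)
    findings = [f"missing {n}" for n in REQUIRED if n.lower() not in h]
    findings += [f"leaks {n}" for n in FORBIDDEN if n.lower() in h]
    hsts = h.get("strict-transport-security")
    if hsts is not None:
        m = re.search(r"max-age\s*=\s*\"?(\d+)", hsts, re.I)
        if not m or int(m.group(1)) < min_hsts:
            findings.append("HSTS max-age too short")
        if "includesubdomains" not in hsts.lower():
            findings.append("HSTS lacks includeSubDomains")
    return findings


# Constructed sample responses (not captured from a real site).
BEFORE = """HTTP/1.1 200 OK
Content-Type: text/html
X-Powered-By: ASP.NET
"""
AFTER = """HTTP/1.1 200 OK
content-type: text/html
x-frame-options: DENY
x-xss-protection: 0
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains
"""

if __name__ == "__main__":
    print("before:", audit_headers(BEFORE))
    print("after: ", audit_headers(AFTER))
```

Header names are compared case-insensitively, so the check works for both HTTP/1.1 and HTTP/2 style responses.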
Summary
NetEscapades.AspNetCore.SecurityHeaders is a library for .NET developers that simplifies the process of adding and managing security headers in ASP.NET Core applications. Security headers help protect web applications from common vulnerabilities by instructing browsers on how to handle certain aspects of content and communication. I recommend you guys try the library.