This series of blog posts goes through the additions made to the default ASP.NET MVC project template to build the ASP.NET Core Boilerplate project template. You can create a new project using this template by installing the Visual Studio extension, or visit the GitHub site to view the source code.

The web takes things to a whole new level of difficulty. It is ridiculously easy to slip up and leave holes in your site's defences. This blog post and the ASP.NET Core Boilerplate project are not a replacement for your own knowledge, but they do help by setting up some more secure defaults and giving you a few more tools out of the box to help secure your site.

If you have some time and want to learn more about web security, I highly recommend Troy Hunt's Pluralsight course called Hack yourself first. Note that Pluralsight requires a paid subscription (I'm quite against posting links to paid content but this course is pretty good. You can also get a trial subscription if you're interested). Here is a free video by Troy which covers the same topic but in a little less depth. I would also highly recommend reading up on Troy Hunt's blog, which has extensive examples of real-life websites in the wild, written by major companies, getting web security horribly wrong.

The NWebSec NuGet packages written by André N. Klingsheim are a great way to add additional security to your ASP.NET MVC site. The ASP.NET Core Boilerplate project template includes them by default.

Everything is preconfigured and commented as much as possible out of the box, but remember this is a project template to get you started. You still need to put the effort in to customize the site security to your own requirements and put in some time learning what each of the security features does and how best to use it.

HTTP has been around for a very long time, and so a fairly large number of HTTP headers have accumulated over time. Some are more useful than others, but many of them are aimed at making the web more secure. André N. Klingsheim has a brilliant blog post called Security through HTTP response headers, which is a must-read and fairly comprehensive. Go on, I'll wait for you to finish reading.