.NET Security Vulnerabilities and Language Overview Learn how Checkmarx can secure your .NET applications What is .NET? .NET is a software framework that Microsoft began developing in the late 1990s under the name Next Generation Windows Services (NGWS). In 2000, .NET 1.0, the first Beta, was shipped. .NET runs primarily on Windows and includes a large class library named Framework Class Library (FCL) which provides language interoperability for a number of popular programming languages. .NET Framework – Source Wikipedia What is ASP.NET? First appearing in early 2002, ASP.NET is an open-source server-side web application framework designed for web development to produce dynamic web pages. It’s built on the Common Language Runtime (CLR) which allows programmers to write ASP.NET code using any supported .NET language. The ASP.NET SOAP extension framework allows ASP.NET components to process SOAP messages. ASP.NET benefits Built for Windows Use Web Forms, SignalR, MVC, Web API, or Web Pages One version per machine Develop with Visual Studio using C#, VB or F# Mature platform High performance What is VB.NET? Making a debut in 2001, Visual Basic .NET (VB.NET) is a multi-paradigm, object-oriented programming language, implemented on the .NET Framework which was launched as the successor to the Visual Basic language. VB.Net Features Include: Boolean Conditions Automatic Garbage Collection Standard Library Assembly Versioning Properties and Events Delegates and Events Management Easy-to-use Generics Indexers Conditional Compilation Simple Multithreading .NET Security Vulnerabilities High-Risk.NET Security Vulnerabilities: Alongside SQL Injections (SQLi), Stored XSS and Reflected XSS, which affect many contemporary programming languages, .NET applications also face threats from: Code_Injection Command_Injection Connection_String_Injection LDAP_Injection Resource_Injection Second_Order_SQL_Injection UTF7_XSSX Path_Injection Securing your .NET Code Checkmarx’s CxSAST, a static code analysis solution, stands out amongst .NET testing solutions as not only the solution which will keep your .NET code free from security and compliance issues, but also as the tool which will contribute to your organization’s advancement when it comes to application security maturity. CxSAST works with the tools your developers are already using as it seamlessly integrates with most of the common development programs available at every stage of the SDLC. CxSAST’s features such as incremental code scanning and the best fix location made it ideal for any continuous integration continuous development (CICD) environment. When vulnerabilities are detected in the .NET code, CxSAST will not only identify the best fix location, but will also offer resources to the developer to understand how the attack vector work as well as remediation advice which will help them ensure similar mistakes are avoided in the future. Want to learn more about .NET vulnerabilities, why they happen, and how to eliminate them? Click for a tutorial and start sharpening your skills!