NWebsec classic - Security libraries for ASP.NET 4¶
NWebsec consists of several security libraries for ASP.NET applications. Three of these libraries work together to remove version headers, control cache headers, stop potentially dangerous redirects, and set important security headers. With the introduction of ASP.NET core, there are two sets of NWebsec packages. You’ve now found the documentation for the “old” packages built for ASP.NET 4:
If you’re not sure what “security headers” are, check out this blog post: Security through HTTP response headers.
There are also two stand-alone libraries. Since they don’t follow the versions of the security header libraries, they are documented as separate projects.
NWebsec.SessionSecurity improves ASP.NET session security. Read more about the improvements in the blog post Ramping up ASP.NET session security.
NWebsec.AzureStartupTasks helps you harden the TLS configuration for Azure web role instances. Learn why you need to harden the default TLS configuration in the blog post Hardening Windows Server 2008/2012 and Azure SSL/TLS configuration.
Check out the NWebsec demo site to see the headers and session security improvements in action.
To keep up with new releases or to give feedback, find @NWebsec on Twitter. You can also get in touch at nwebsec (at) nwebsec (dot) com.