Coretexia.SecureShield
2.0.0
There is a newer version of this package available.
See the version list below for details.
See the version list below for details.
dotnet add package Coretexia.SecureShield --version 2.0.0
NuGet\Install-Package Coretexia.SecureShield -Version 2.0.0
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="Coretexia.SecureShield" Version="2.0.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
<PackageVersion Include="Coretexia.SecureShield" Version="2.0.0" />
<PackageReference Include="Coretexia.SecureShield" />
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package.
paket add Coretexia.SecureShield --version 2.0.0
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
#r "nuget: Coretexia.SecureShield, 2.0.0"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
#:package Coretexia.SecureShield@2.0.0
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package.
#addin nuget:?package=Coretexia.SecureShield&version=2.0.0
#tool nuget:?package=Coretexia.SecureShield&version=2.0.0
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
🛡️ SecureShield
Enterprise-Grade Security Framework for .NET Applications
SecureShield is a comprehensive security hardening framework for .NET applications that provides 13 essential security modules to protect against modern cyber threats including SQL injection, XSS, CSRF, DoS attacks, malicious file uploads, and more.
✨ Features
🔒 Core Security Modules
- SQL Injection Protection - Advanced pattern detection and parameterized query validation
- XSS Protection - Input validation and output sanitization with HTML encoding
- CSRF Protection - Token-based validation with SameSite cookies
- JWT Security - Token validation with replay attack detection
- Rate Limiting - TokenBucket algorithm with endpoint-specific rules
- CORS Protection - Secure cross-origin resource sharing configuration
- Security Headers - HSTS, CSP, X-Frame-Options, and more
🆕 Advanced Security Features
- OTP DoS Protection - Prevent SMS/Email flooding attacks on OTP endpoints
- Form Validation Security - Prevent form bypass and mass assignment attacks
- File Upload Security - Comprehensive malware scanning and file validation
- Packet Encryption - AES-256-GCM with compression and key rotation
- Network Security - Packet validation, anomaly detection, connection throttling
- Threat Intelligence - IP reputation, behavioral analysis, malware scanning
📦 Installation
NuGet Package Manager
Install-Package Coretexia.SecureShield
.NET CLI
dotnet add package Coretexia.SecureShield
Package Reference
<PackageReference Include="Coretexia.SecureShield" Version="2.0.0" />
🚀 Quick Start
1. Basic Setup
using Coretexia.SecureShield.Extensions;
var builder = WebApplication.CreateBuilder(args);
// Add SecureShield with default configuration
builder.Services.AddSecureShield(builder.Configuration)
.EnableSqlInjectionProtection()
.EnableXssProtection()
.EnableCsrfProtection()
.EnableRateLimiting()
.EnableSecurityHeaders();
var app = builder.Build();
// Apply SecureShield middleware
app.UseSecureShield();
app.Run();
2. Advanced Configuration
builder.Services.AddSecureShield(builder.Configuration)
.EnableSqlInjectionProtection(opts =>
{
opts.ValidateParameterizedQueries = true;
opts.MaxParameterLength = 2000;
})
.EnableOtpDoSProtection(opts =>
{
opts.MaxOtpRequestsPerIpPerHour = 5;
opts.CooldownPeriodSeconds = 60;
opts.EnableProgressivePenalties = true;
})
.EnableFormValidation(opts =>
{
opts.PreventMassAssignment = true;
opts.SanitizeInputValues = true;
opts.MaxFieldLength = 1000;
})
.EnableFileUploadSecurity(opts =>
{
opts.MaxFileSizeBytes = 10 * 1024 * 1024; // 10MB
opts.EnableMalwareScanning = true;
opts.QuarantineSuspiciousFiles = true;
})
.EnablePacketEncryption(opts =>
{
opts.Algorithm = "AES-256-GCM";
opts.EnableCompression = true;
})
.EnableThreatIntelligence(opts =>
{
opts.EnableIpReputation = true;
opts.ThreatScoreThreshold = 7;
});
⚙️ Configuration
appsettings.json
{
"SecureShield": {
"Enable": true,
"SqlInjection": {
"Enable": true,
"ValidateParameterizedQueries": true,
"MaxParameterLength": 2000
},
"OtpDoSProtection": {
"Enable": true,
"MaxOtpRequestsPerIpPerHour": 5,
"MaxOtpRequestsPerPhonePerHour": 3,
"CooldownPeriodSeconds": 60,
"EnableProgressivePenalties": true
},
"FormValidation": {
"Enable": true,
"PreventMassAssignment": true,
"SanitizeInputValues": true,
"MaxFieldLength": 1000,
"BlockedFieldNames": ["id", "userId", "roleId", "isAdmin"]
},
"FileUploadSecurity": {
"Enable": true,
"MaxFileSizeBytes": 10485760,
"EnableMalwareScanning": true,
"AllowedExtensions": [".jpg", ".png", ".pdf", ".docx"],
"QuarantineSuspiciousFiles": true
},
"RateLimiting": {
"Enable": true,
"MaxRequests": 100,
"Period": "00:01:00",
"Algorithm": "TokenBucket"
},
"SecurityHeaders": {
"Enable": true,
"EnableHsts": true,
"ContentSecurityPolicy": "default-src 'self'"
}
}
}
🔍 Security Modules Overview
| Module | Priority | Description | Status |
|---|---|---|---|
| SQL Injection Protection | 10 | Prevents SQL injection attacks | ✅ |
| OTP DoS Protection | 15 | Prevents SMS/Email flooding | 🆕 |
| XSS Protection | 20 | Cross-site scripting prevention | ✅ |
| Form Validation Security | 25 | Prevents form bypass attacks | 🆕 |
| CSRF Protection | 30 | Cross-site request forgery protection | ✅ |
| File Upload Security | 35 | Malicious file upload prevention | 🆕 |
| JWT Security | 40 | JWT token validation | ✅ |
| Rate Limiting | 50 | Request rate limiting | ✅ |
| Security Headers | 60 | HTTP security headers | ✅ |
| CORS Protection | 70 | Secure CORS configuration | ✅ |
| Packet Encryption | 80 | End-to-end encryption | ✅ |
| Network Security | 85 | Network layer protection | ✅ |
| Threat Intelligence | 90 | Advanced threat detection | ✅ |
🆕 New Features in v2.0
OTP DoS Protection
Protects against SMS/Email flooding attacks on OTP endpoints:
- IP-based rate limiting (5 requests/hour)
- Phone/Email-based limiting (3 requests/hour)
- Progressive penalties for repeat offenders
- Cooldown periods between requests
- Failed verification attempt monitoring
Form Validation Security
Prevents form bypass and manipulation attacks:
- Mass assignment protection
- Hidden field manipulation prevention
- Input sanitization and validation
- Field length enforcement
- Required field validation
- Pattern-based validation (email, phone, URL)
File Upload Security
Comprehensive file upload protection:
- File size validation (max 10MB)
- Extension and MIME type validation
- File header verification
- Malware pattern scanning
- Suspicious file quarantine
- Secure filename generation
- Double extension detection
📚 Usage Examples
OTP DoS Protection
// Configure OTP endpoints protection
.EnableOtpDoSProtection(opts =>
{
opts.OtpEndpointPatterns = new[] { "/api/auth/send-otp", "/otp/*" };
opts.MaxOtpRequestsPerIpPerHour = 5;
opts.WhitelistedIps = new[] { "127.0.0.1" };
});
// Example OTP endpoint
app.MapPost("/api/auth/send-otp", ([FromBody] OtpRequest request) =>
{
// This endpoint is automatically protected
return Results.Ok(new { Status = "OTP sent" });
});
Form Validation
// Configure form validation
.EnableFormValidation(opts =>
{
opts.BlockedFieldNames = new[] { "id", "userId", "isAdmin" };
opts.FieldValidationPatterns = new Dictionary<string, string>
{
{ "email", @"^[^@]+@[^@]+\.[^@]+$" },
{ "phone", @"^\+?[\d\s-()]+$" }
};
});
// Example protected form endpoint
app.MapPost("/api/user/profile", ([FromBody] UserProfile profile) =>
{
// Automatic validation against blocked fields and patterns
return Results.Ok(new { Status = "Profile updated" });
});
File Upload Security
// Configure file upload security
.EnableFileUploadSecurity(opts =>
{
opts.AllowedExtensions = new[] { ".jpg", ".png", ".pdf" };
opts.MaxFileSizeBytes = 5 * 1024 * 1024; // 5MB
opts.EnableMalwareScanning = true;
});
// Example protected upload endpoint
app.MapPost("/api/upload", async (IFormFileCollection files) =>
{
// Files are automatically scanned and validated
return Results.Ok(new { UploadedFiles = files.Count });
});
🎯 Security Testing
Test Endpoints
SecureShield includes built-in test endpoints for validation:
// Security status endpoint
GET /security/detailed-status
// Security metrics endpoint
GET /security/metrics
// Test OTP protection
POST /api/auth/send-otp
POST /api/auth/verify-otp
// Test form validation
POST /api/user/profile
// Test file upload security
POST /api/file/upload
🔧 Advanced Features
Packet Encryption
.EnablePacketEncryption(opts =>
{
opts.Algorithm = "AES-256-GCM";
opts.EnableCompression = true;
opts.KeyRotationInterval = TimeSpan.FromHours(24);
opts.ExcludedPaths = new[] { "/health", "/metrics" };
});
Network Security
.EnableNetworkSecurity(opts =>
{
opts.EnableAnomalyDetection = true;
opts.MaxConnectionsPerIp = 50;
opts.BlockedUserAgents = new[] { "bot", "crawler" };
});
Threat Intelligence
.EnableThreatIntelligence(opts =>
{
opts.EnableIpReputation = true;
opts.ThreatScoreThreshold = 7;
opts.DefaultAction = ThreatAction.Block;
});
📊 Performance & Monitoring
Built-in Metrics
- Request processing times
- Threat detection counts
- Rate limiting statistics
- Encryption performance metrics
- File upload scan results
Logging Integration
SecureShield integrates with Microsoft.Extensions.Logging:
// Enable detailed security logging
"Logging": {
"LogLevel": {
"Coretexia.SecureShield": "Information"
}
}
🔒 Security Best Practices
- Enable All Modules: Use all security modules for maximum protection
- Regular Updates: Keep SecureShield updated to latest version
- Configuration Review: Regularly review and update security configurations
- Monitoring: Monitor security logs and metrics
- Testing: Use provided test endpoints to validate security measures
🆘 Troubleshooting
Common Issues
Build Errors: Ensure .NET 8.0+ is installed
dotnet --version
Configuration Issues: Validate appsettings.json syntax
dotnet run --environment Development
Performance Issues: Adjust rate limiting and encryption settings
opts.MaxRequests = 200; // Increase if needed
opts.EnableCompression = false; // Disable for performance
🤝 Contributing
We welcome contributions! Please see our Contributing Guidelines for details.
Development Setup
git clone https://github.com/coretexia/secureshield.git
cd secureshield
dotnet build
dotnet test
📄 License
This project is licensed under the MIT License - see the LICENSE file for details.
🙏 Acknowledgments
- Microsoft .NET Team for the excellent framework
- Security community for vulnerability research
- All contributors and users providing feedback
📞 Support
- 📧 Email: support@coretexia.com
- 🐛 Issues: GitHub Issues
- 📖 Documentation: Wiki
⚡ Secure your .NET applications with SecureShield - Enterprise-grade security made simple!
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. net9.0 was computed. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. net10.0 was computed. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.
-
net8.0
- AspNetCoreRateLimit (>= 5.0.0)
- Microsoft.AspNetCore.Authentication.JwtBearer (>= 8.0.0)
- Microsoft.EntityFrameworkCore (>= 8.0.0)
- Microsoft.EntityFrameworkCore.Relational (>= 8.0.0)
- Microsoft.Extensions.Caching.StackExchangeRedis (>= 8.0.0)
- Microsoft.Extensions.Configuration.Binder (>= 8.0.0)
- Microsoft.Extensions.Options.ConfigurationExtensions (>= 8.0.0)
- Serilog.AspNetCore (>= 8.0.0)
- System.ComponentModel.Annotations (>= 5.0.0)
- System.Text.Encodings.Web (>= 8.0.0)
- System.Text.RegularExpressions (>= 4.3.1)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
🚀 Version 2.0.0 - Major Security Enhancement Release
🆕 NEW SECURITY MODULES:
• OTP DoS Protection - Prevents SMS/Email flooding attacks with IP, phone, and email rate limiting
• Form Validation Security - Advanced form bypass protection with mass assignment prevention
• File Upload Security - Comprehensive malware scanning and file validation system
🔒 ENHANCED SECURITY FEATURES:
• Packet Encryption with AES-256-GCM and compression support
• Network Security with anomaly detection and connection throttling
• Threat Intelligence with IP reputation and behavioral analysis
• Advanced Encryption Module with perfect forward secrecy
⚡ PERFORMANCE IMPROVEMENTS:
• Optimized middleware pipeline with priority-based ordering
• Streaming encryption for large payloads
• Adaptive compression algorithms
• Memory-efficient caching systems
🛡️ SECURITY ENHANCEMENTS:
• Progressive penalty system for repeat offenders
• Real-time threat scoring and blocking
• Advanced malware pattern detection
• Secure file quarantine system
• Enhanced logging and monitoring
📊 TOTAL: 13 Security Modules, 99% Threat Protection Coverage
Full compatibility with .NET 8.0+ and ASP.NET Core applications.