Security Aspects

25 Oct 2021 / 2 minutes to read

This documentation helps you develop a secure ASP.NET Core MVC web application with Syncfusion components.

Applicable Security Aspects

The following security aspects apply to web applications built with Syncfusion ASP.NET Core components.

  • Cross-Site Scripting
  • Injection
  • Broken Authentication
  • Sensitive Data Exposure
  • XML External Entities

Cross-Site Scripting and Injection

Cross-Site Scripting is a security vulnerability and a client-side injection attack. Attackers inject malicious code into a web application, usually JavaScript, but it could also be HTML or CSS.

To prevent this, we provide the EnableHtmlSanitizer API, whose default value is true.

For more details, please refer to the API documentation for the Syncfusion ASP.NET Core controls that have the ‘EnableHtmlSanitizer’ property. Some of them are listed below for reference.

The user guide sections for the applicable components also document how to prevent these security aspects. For example, refer to the documentation links on preventing Cross-Site Scripting in Grid and RichTextEditor.

Application level aspects

Other security threats, such as Broken Authentication, Sensitive Data Exposure, and XML External Entities, need to be configured at the application end. We recommend the following Syncfusion blog for developing an ASP.NET Core MVC web application securely.
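
One way to handle the XML External Entities item at the application level, shown as an added example that is not from the Syncfusion documentation or blog: parse untrusted XML with DTD processing prohibited and no resolver. The names `SafeXml` and `LoadUntrusted`, the size limit, and the sample documents are assumptions made for illustration.

```csharp
using System;
using System.IO;
using System.Xml;

public static class SafeXml
{
    // Hardened reader settings for XML that comes from outside the application.
    private static readonly XmlReaderSettings Hardened = new XmlReaderSettings
    {
        DtdProcessing = DtdProcessing.Prohibit, // any DOCTYPE raises XmlException
        XmlResolver = null,                     // never fetch external resources
        MaxCharactersInDocument = 1_000_000     // assumed limit; tune per application
    };

    // Hypothetical helper: loads untrusted XML or throws XmlException.
    public static XmlDocument LoadUntrusted(string xml)
    {
        var doc = new XmlDocument { XmlResolver = null };
        using (var reader = XmlReader.Create(new StringReader(xml), Hardened))
        {
            doc.Load(reader);
        }
        return doc;
    }

    public static void Main()
    {
        // Constructed sample inputs: one plain document, one that declares a DTD.
        string plain = "<order><id>42</id></order>";
        string withDtd =
            "<!DOCTYPE order [<!ENTITY e \"x\">]><order><id>&e;</id></order>";

        foreach (var input in new[] { plain, withDtd })
        {
            try
            {
                var doc = LoadUntrusted(input);
                Console.WriteLine("accepted: " + doc.DocumentElement.Name);
            }
            catch (XmlException ex)
            {
                // Reject the request and log the reason; do not retry with DTDs enabled.
                Console.WriteLine("rejected: " + ex.Message);
            }
        }
    }
}
```

Setting these values explicitly keeps the behaviour independent of framework defaults and of settings objects shared elsewhere in the application.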