APPSEC OBSERVER

The latest trends and tips in DevSecOps through instrumentation and Security Observability.

Subscribe To Blog

Automating .Net 6 Application Protection

Microsoft will officially release the next LTS version of .NET this week at .NET Conf on November 9th. Contrast is a sponsor of the event.  .NET 6 comes with a lot of suspense and excitement from the .NET community. This version brings simplified development, performance optimizations, and improved tooling. Contrast Security is excited to announce that version 2.1.0 of our .NET Agent will support applications targeting .NET 6 immediately.

.Net6 Agent is Alive!

The Contrast .NET Agent team has worked to support .NET 6 applications by tracking changes to  .NET 6 APIs as they happened, thanks to Microsoft's embrace of open source practices and the availability of preview and release candidates of the new language version. Contrast's process to instrument languages and frameworks requires deep understanding and research into runtime internals as well as diligent and thorough testing.

From the day of official release, the Contrast .NET Agent will be able to detect vulnerabilities by following data flow through the APIs and libraries used by instrumented applications. Traditionally, .NET applications handled data using APIs that use String, StringBuilder, char[], and other similar types. .NET 6's performance optimizations greatly increases the number of types that applications, libraries, and runtime use to handle string data. The Contrast .NET Agent will now follow data flow through APIs using Span, Memory, ValueTask, ValueStringBuilder, and StringSegment types. The Contrast .NET Agent also recognizes when applications use specific sanitization (encoding) or validation APIs. .NET 6 introduces DateOnly and TimeOnly types which can also be used to validate string data. Additionally, Contrast agents discover application routes declared by an application and report when HTTP traffic is handled by a route. We've expanded this capability to include .NET 6's new Minimal API structure as well as updating our existing capabilities to handle existing routing mechanisms under .NET 6.

Empower Your Digital Business Outcomes With .NET Security

As teams are looking to improve the security of their .NET 6 applications, they can use the Contrast Application Security Platform from day one!  The addition of the latest .NET 6 capabilities will automatically detect security vulnerabilities in their .NET applications without the need to run separate, dedicated security tests. The Contrast .NET Agent works from the inside - out by assessing .NET 6 security vulnerabilities at runtime, as the development team is coding while providing remediation for vulnerabilities we have detected. Contrast enables security and development teams to feel confident in the code they release.

To find out more, Contrast has been a long-time partner with Microsoft to help weave application security into the .NET Developer and Azure Cloud Experience.

For more information:

Microsoft Azure Marketplace: Contrast on the Azure Marketplace

Read: Contrast 2021 Application Security Observability Report 

Brian Sowers, Senior Technical Product Manager, Contrast Security

Brian Sowers, Senior Technical Product Manager, Contrast Security

Brian spent 14 years in software engineering and security assurance roles focused largely on .NET web applications. He has worked for large technology and media companies, small startups, regulatory agencies, and many others in between. He is passionate about building applications that bridge the gap between security and engineering.

SUBSCRIBE TO THE BLOG