You'll find the NWebsec packages on NuGet:

https://nuget.org/packages/NWebsec/
https://nuget.org/packages/NWebsec.Mvc/
https://nuget.org/packages/NWebsec.Owin/
https://nuget.org/packages/NWebsec.SessionSecurity/
https://nuget.org/packages/NWebsec.AzureStartupTasks/

Project Description
The NWebsec security libraries for ASP.NET applications are built on the philosophy that security should be simple and maintainable.

NWebsec/NWebsec.Mvc lets you remove version headers, control cache headers, stop potentially dangerous redirects, and set important security headers. If you're not sure what "security headers" are, check out this blog post: Security through HTTP response headers.

NWebsec.Owin provides OWIN middleware to stop potentially dangerous redirects and set important security headers.

NWebsec.SessionSecurity improves ASP.NET session security. Read more about the improvements in the blog post Ramping up ASP.NET session security.

NWebsec.AzureStartupTasks helps you harden the TLS configuration for Azure web role instances. Learn why you need to harden the default TLS configuration in the blog post Hardening Windows Server 2008/2012 and Azure SSL/TLS configuration.

Did you know that the SDL requires countermeasures against session fixation attacks, and that certain security headers must be set by your web application? No? See NWebsec and the SDL to learn more.

Check out the NWebsec demo site to see the headers and session security improvements in action.

Consult the Documentation to see how it works.

To keep up with new releases or to give feedback, find @NWebsec on Twitter. You can also get in touch at nwebsec (at) nwebsec (dot) com.


Last edited Apr 18 at 3:40 PM by klings, version 26