Soon after the web became accessible to the world, web applications started to pop up everywhere. Along with web applications came vulnerabilities that could be exploited by malicious users. Fortunately, security experts and framework developers continually provide advice and better safeguards.
Some common security vulnerabilities over the years have included the following:
SQL Injection: Malicious SQL is executed against a database when it is injected through HTML form fields whose values are used to build a text string of SQL. By using LINQ to Entities with an ORM such as EF Core, you can avoid the risk of SQL Injection. If you find yourself using parameterized queries, make sure you sanitize any user input (by HTML-encoding the values) before using them in a query parameter.
Sensitive Data Exposure: Information about the server, file system, database, and operating system may be unnecessarily exposed in a production setting, especially...
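For the SQL Injection item above, the following added example (not from the original text) runs the same form value through a concatenated SQL string, a LINQ to Entities query, and a parameterized raw query. It assumes the Microsoft.EntityFrameworkCore.Sqlite package and an in-memory SQLite database; `AppDb`, `User`, and the sample rows are hypothetical.

```csharp
// Added example; AppDb, User and the sample data are hypothetical.
// Assumes the Microsoft.EntityFrameworkCore.Sqlite NuGet package.
using System;
using System.Linq;
using Microsoft.Data.Sqlite;
using Microsoft.EntityFrameworkCore;

// A value as it might arrive from an HTML form field (constructed input).
string formValue = "nobody' OR '1'='1";

// Keep one open connection so the in-memory database survives for the demo.
using var conn = new SqliteConnection("DataSource=:memory:");
conn.Open();
using var db = new AppDb(
    new DbContextOptionsBuilder<AppDb>().UseSqlite(conn).Options);
db.Database.EnsureCreated();
db.Users.AddRange(new User { Name = "alice" }, new User { Name = "bob" });
db.SaveChanges();

// Vulnerable: the form value becomes part of the SQL text itself.
// Its quote closes the string literal, and OR '1'='1' matches every row.
int concatenated = db.Users
    .FromSqlRaw("SELECT * FROM Users WHERE Name = '" + formValue + "'")
    .Count();

// LINQ to Entities: EF Core sends formValue as a query parameter,
// so it is compared as data and never parsed as SQL.
int linq = db.Users.Count(u => u.Name == formValue);

// Raw SQL with a placeholder: EF Core turns {0} into a DbParameter.
int parameterized = db.Users
    .FromSqlRaw("SELECT * FROM Users WHERE Name = {0}", formValue)
    .Count();

Console.WriteLine($"concatenated SQL matched {concatenated} row(s)");
Console.WriteLine($"LINQ to Entities matched {linq} row(s)");
Console.WriteLine($"parameterized SQL matched {parameterized} row(s)");

public class User
{
    public int Id { get; set; }
    public string Name { get; set; } = "";
}

public class AppDb : DbContext
{
    public AppDb(DbContextOptions<AppDb> options) : base(options) { }
    public DbSet<User> Users => Set<User>();
}
```

Only the concatenated query lets the quote character in the form value change the structure of the statement; in the other two the value travels separately from the SQL text.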