ASP.NET Core is a mature, solid foundation, but incidents come from how it is configured. The big three: (1) exposing detailed errors or the Developer Exception Page in production, which leaks internal information; (2) secrets hardcoded in appsettings.json (use User Secrets, environment variables, or Key Vault instead); (3) missing authorization attributes ([Authorize]). Other common problems are unsafe deserialization (BinaryFormatter, etc.), over-posting in model binding (limit it with DTOs or [Bind]), and CVEs in NuGet dependencies. Defenses: hide detailed errors in production, load secrets from outside the config file, and make authorization explicit.
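The three defenses and the DTO approach to over-posting, sketched as a minimal-API `Program.cs`. This is an added example, not code from the article; the connection string name `Default`, the `/error` and `/profile` routes, the cookie scheme and `UpdateProfileDto` are assumptions chosen for illustration.

```csharp
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authorization;

var builder = WebApplication.CreateBuilder(args);

// (2) Secrets come from outside appsettings.json. CreateBuilder already layers
// environment variables (and User Secrets in Development) over the JSON files,
// so ConnectionStrings__Default set in the environment is picked up here.
// The value would be handed to the data layer, which is omitted.
var connectionString = builder.Configuration.GetConnectionString("Default")
    ?? throw new InvalidOperationException("ConnectionStrings:Default is not configured.");

builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie();

// (3) Authorization is explicit: every endpoint requires an authenticated user
// unless it opts out, so a forgotten [Authorize] fails closed.
builder.Services.AddAuthorization(options =>
{
    options.FallbackPolicy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .Build();
});

var app = builder.Build();

// (1) Detailed errors only in Development; production gets a generic response.
if (app.Environment.IsDevelopment())
    app.UseDeveloperExceptionPage();
else
    app.UseExceptionHandler("/error");

app.UseAuthentication();
app.UseAuthorization();

// Map (not MapGet) so the re-executed request matches whatever verb failed.
app.Map("/error", () => Results.Problem("An unexpected error occurred."))
   .AllowAnonymous();

// Over-posting: bind to a DTO that carries only client-settable fields.
app.MapPut("/profile", (UpdateProfileDto dto, HttpContext ctx) =>
    Results.Ok(new { User = ctx.User.Identity?.Name, dto.DisplayName }));

app.Run();

// Hypothetical DTO: no IsAdmin or Id property exists for a request body to set.
record UpdateProfileDto(string DisplayName);
```

With the fallback policy in place, an endpoint must call `AllowAnonymous()` to be public, which makes unauthenticated routes visible in code review.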