Security defaults that belong in every ASP.NET Core application from day one.
{
  "instruction": "Add security headers middleware to every ASP.NET Core app",
  "relevant_when": "Agent creates or modifies an ASP.NET Core application, adds endpoints, or sets up middleware pipeline",
  "context": "Every ASP.NET Core app must include security headers: X-Content-Type-Options: nosniff, X-Frame-Options: DENY, Referrer-Policy, Content-Security-Policy, and Permissions-Policy. The Server and X-Powered-By headers should be removed. These headers prevent XSS, clickjacking, MIME sniffing, and information leakage.",
  "sources": [
    {
      "type": "file",
      "filename": "skills/aspnet-security-basics/SKILL.md",
      "tile": "tessl-labs/aspnet-security-basics@0.2.0"
    }
  ],
  "checklist": [
    {
      "name": "x-content-type-options",
      "rule": "Agent adds X-Content-Type-Options: nosniff header via middleware",
      "relevant_when": "Agent creates or modifies an ASP.NET Core application"
    },
    {
      "name": "x-frame-options",
      "rule": "Agent adds X-Frame-Options: DENY header via middleware",
      "relevant_when": "Agent creates or modifies an ASP.NET Core application"
    },
    {
      "name": "content-security-policy",
      "rule": "Agent adds a Content-Security-Policy header appropriate for the application type",
      "relevant_when": "Agent creates or modifies an ASP.NET Core application"
    },
    {
      "name": "server-header-removed",
      "rule": "Agent removes or suppresses Server and X-Powered-By headers to prevent information leakage",
      "relevant_when": "Agent creates or modifies an ASP.NET Core application"
    }
  ]
}