Application Security capabilities support

The following application security capabilities are supported in the .NET library, for the specified tracer version:

Application Security capabilityMinimum .NET tracer version
Threat Detection2.23.0
Threat Protection2.26.0
Customize response to blocked requests2.27.0
Software Composition Analysis (SCA)2.16.0
Code Security2.42.0
Automatic user activity event tracking2.32.0
API Security2.42.0

The minimum tracer version to get all supported application security capabilities for .NET is 2.42.0.

Note: Threat Protection requires enabling Remote Configuration, which is included in the listed minimum tracer version.

Supported deployment types

TypeThreat Detection supportSoftware Composition Analysis
Docker
Kubernetes
Amazon ECS
AWS Fargate
AWS Lambda
Azure App Service

Note: Azure App Service is supported for web applications only. Application Security capabilities are not supported for Azure Functions.

Language and framework compatibility

Supported .NET versions

For a list of supported platforms and operating systems, see .NET Framework Compatibility and .NET/.NET Core Compatiblity.

Web framework compatibility

  • Attacker source HTTP request details
  • Tags for the HTTP request (status code, method, etc)
  • Distributed Tracing to see attack flows through your applications
Application Security Capability Notes
  • Software Composition Analysis is supported on all frameworks.
  • If your framework is not listed below, Code Security will still detect Insecure Cookie vulnerabilities.
FrameworkThreat Detection supported?Threat Protection supported?Code Security?
ASP.NET MVC
ASP.NET Web API 2
If you don't see your framework of choice listed, let us know! Fill out this short form to send details.

Data store compatibility

Datastore tracing provides:

  • SQL attack detection
  • query info (for example, a sanitized query string)
  • error and stacktrace capturing
Application Security Capability Notes
  • Threat Protection also works at the HTTP request (input) layer, and so works for all databases by default, even those not listed in the table below.
FrameworkThreat Detection supported?Threat Protection supported?Code Security?
OracleDB
ADO.NET
SQL Server
MySQL
SQLite

User Authentication Frameworks compatibility

Integrations to User Authentication Frameworks provides:

  • User login events including the user IDs
  • User signup events (apps using built-in SignInManager)
  • Account Takeover detection monitoring for user login events
Framework
> .Net Core 2.1
PREVIEWING: esther/docs-9478-fix-split-after-example