Application Security capabilities support

The following application security capabilities are supported in the .NET library, for the specified tracer version:

The minimum tracer version to get all supported application security capabilities for .NET is 2.42.0.

Note: Threat Protection requires enabling Remote Configuration, which is included in the listed minimum tracer version.

Supported deployment types

Note: Azure App Service is supported for web applications only. Application Security capabilities are not supported for Azure Functions.

Language and framework compatibility

Supported .NET versions

For a list of supported platforms and operating systems, see .NET Framework Compatibility and .NET/.NET Core Compatiblity.

Web framework compatibility

• Attacker source HTTP request details
• Tags for the HTTP request (status code, method, etc)
• Distributed Tracing to see attack flows through your applications

Application Security Capability Notes

• Software Composition Analysis is supported on all frameworks.
• If your framework is not listed below, Code Security will still detect Insecure Cookie vulnerabilities.

Data store compatibility

Datastore tracing provides:

• SQL attack detection
• query info (for example, a sanitized query string)
• error and stacktrace capturing

Application Security Capability Notes

• Threat Protection also works at the HTTP request (input) layer, and so works for all databases by default, even those not listed in the table below.

User Authentication Frameworks compatibility

Integrations to User Authentication Frameworks provides:

• User login events including the user IDs
• User signup events (apps using built-in SignInManager)
• Account Takeover detection monitoring for user login events