{"id":10081,"date":"2021-05-03T18:25:12","date_gmt":"2021-05-03T17:25:12","guid":{"rendered":"https:\/\/staging-site.42crunch.com\/?p=10081"},"modified":"2024-09-04T15:09:27","modified_gmt":"2024-09-04T14:09:27","slug":"creating-high-quality-oas-definitions-with-net-core","status":"publish","type":"post","link":"https:\/\/staging2022.42crunch.com\/creating-high-quality-oas-definitions-with-net-core\/","title":{"rendered":"Creating High Quality OAS Definitions with .Net Core"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">This document highlights how code annotations can be used to enhance the quality and the security posture for customers using .<\/span><b>Net Core<\/b><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">42Crunch security recommendations help enterprises discover and remediate vulnerabilities much more quickly (up to 25X more quickly) while saving 90% of manual costs (whether through internal efforts or external pen-testing).<\/span><\/p>\n<h2><strong>Using the Available Native Support from .Net<\/strong><\/h2>\n<p><span style=\"font-weight: 400;\">In order to produce OAS files when developing with .NET core framework, developers can use:\u00a0<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Swashbuckle (<\/span><a href=\"https:\/\/docs.microsoft.com\/en-us\/aspnet\/core\/tutorials\/getting-started-with-swashbuckle?view=aspnetcore-5.0&amp;tabs=visual-studio-code\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/aspnet\/core\/tutorials\/getting-started-with-swashbuckle?view=aspnetcore-5.0&amp;tabs=visual-studio-code<\/span><\/a><span style=\"font-weight: 400;\">)<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\">NSwag &#8211; <a href=\"https:\/\/docs.microsoft.com\/en-us\/aspnet\/core\/tutorials\/getting-started-with-nswag?view=aspnetcore-5.0&amp;tabs=visual-studio\">https:\/\/docs.microsoft.com\/en-us\/aspnet\/core\/tutorials\/getting-started-with-nswag?view=aspnetcore-5.0&amp;tabs=visual-studio<\/a><\/li>\n<\/ul>\n<h4>Using Swashbuckle<\/h4>\n<p><span style=\"font-weight: 400;\">In this document&#8217;s example, we have an entity (Person), which will represent the JSON Schema, and a Controller (PersonController), that will expose the API&#8217;s operations for us.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The Swagger-UI looks pretty much like the following image:<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-11480\" src=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2021\/05\/net-core-blog-img1.png\" alt=\"\" width=\"1998\" height=\"1330\" srcset=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2021\/05\/net-core-blog-img1.png 1998w, https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2021\/05\/net-core-blog-img1-300x200.png 300w, https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2021\/05\/net-core-blog-img1-1024x682.png 1024w, https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2021\/05\/net-core-blog-img1-768x511.png 768w, https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2021\/05\/net-core-blog-img1-1536x1022.png 1536w\" sizes=\"(max-width: 1998px) 100vw, 1998px\" \/><\/p>\n<p><em><span style=\"font-weight: 400;\">Image 1 &#8211; Swagger UI presenting the APIs Operations and Schema<\/span><\/em><\/p>\n<h4>The 42Crunch IDE Support<\/h4>\n<p><span style=\"font-weight: 400;\">Based on the Open API Specification file generated by the .net framework with the support of Swashbuckle, we can get this file and add it into our IDE, just to start the process to execute de Security Audit Score, to make sure potential vulnerabilities in our API, please, refer to the following screenshot using Visual Studio Code and 42Crunch&#8217;s extension:<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-11479\" src=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2021\/05\/net-core-blog-img3.png\" alt=\"\" width=\"1999\" height=\"1230\" srcset=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2021\/05\/net-core-blog-img3.png 1999w, https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2021\/05\/net-core-blog-img3-300x185.png 300w, https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2021\/05\/net-core-blog-img3-1024x630.png 1024w, https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2021\/05\/net-core-blog-img3-768x473.png 768w, https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2021\/05\/net-core-blog-img3-1536x945.png 1536w\" sizes=\"(max-width: 1999px) 100vw, 1999px\" \/><\/p>\n<p><em><span style=\"font-weight: 400;\">Image 2 &#8211; Initial Score generated by Swashbuckle<\/span><\/em><\/p>\n<p><span style=\"font-weight: 400;\">The 42Crunch&#8217;s extension for Visual Studio Code is presenting us with the following Audit Score: 10 of 100, in the rest of this document, we will cover how we could improve this score, essentially improving the C# code that is responsible for it.<\/span><\/p>\n<h4>Recommendations from 42Crunch<\/h4>\n<p><span style=\"font-weight: 400;\">Most of 42Crunch\u2019s recommendations can be fixed straight from the code to protect your API either from your preferred IDE or through the CI\/CD process. We will always look only and just only at the generated OAS\/Swagger file in order to identify if your API has potential security vulnerabilities.\u00a0<\/span><\/p>\n<p><strong>Note: <\/strong><i><span style=\"font-weight: 400;\">Please, keep in mind that even having the best code and the whole coverage in the backends components does not necessarily mean that your API is free from potential attacks.<\/span><\/i><\/p>\n<p><span style=\"font-weight: 400;\">Let&#8217;s take a look first into the Person entity, which is our Schema:<\/span><\/p>\n<p><strong>Original Code for Entity\/JSON Schema<\/strong><\/p>\n<pre><code class=\"language-json\">using System.ComponentModel.DataAnnotations;\n \nnamespace TodoApi.Models\n{\n   public class Person\n   {\n \n       public string firstName { get; set; }\n       public string lastName { get; set; }\n       public long id { get; set; }\n      public int age { get; set; }\n   }\n}\n<\/code><\/pre>\n<p><strong>Enhanced Code for Entity\/JSON Schema<\/strong><\/p>\n<pre><code class=\"language-json\">using System.ComponentModel.DataAnnotations;\nusing System;\n \nnamespace TodoApi.Models\n{\n   public class Person\n   {\n       [Required, RegularExpression(&quot;\/^[a-zA-Z ]{2,100}$\/&quot;),MinLength(5), MaxLength(100)]\n       public string firstName { get; set; }\n       [Required, RegularExpression(&quot;\/^[a-zA-Z ]{2,100}$\/&quot;),MinLength(5), MaxLength(100)]\n       public string lastName { get; set; }\n       [Required, Range(1, long.MaxValue)]\n       public long id { get; set; }\n      [Required, Range(0, 150)]\n      public int age { get; set; }\n   }\n}\n<\/code><\/pre>\n<p><span style=\"font-weight: 400;\">Let&#8217;s see how that slight change had impacted our new Audit Score:\u00a0<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-11478\" src=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2021\/05\/net-core-blog-img2.png\" alt=\"\" width=\"1999\" height=\"1224\" srcset=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2021\/05\/net-core-blog-img2.png 1999w, https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2021\/05\/net-core-blog-img2-300x184.png 300w, https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2021\/05\/net-core-blog-img2-1024x627.png 1024w, https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2021\/05\/net-core-blog-img2-768x470.png 768w, https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2021\/05\/net-core-blog-img2-1536x941.png 1536w\" sizes=\"(max-width: 1999px) 100vw, 1999px\" \/><br \/>\n<em><span style=\"font-weight: 400;\">Image 3 &#8211; Having just small changes, our audit score were considerably improved<\/span><\/em><\/p>\n<p><span style=\"font-weight: 400;\">One of the most critical aspects is in the security that is not defined, so we will show how to add it right into the code ad the following:\u00a0<\/span><\/p>\n<pre><code class=\"language-json\">private static void addSec(IServiceCollection services)\n       {\n \n           \/\/Swaggers with Security\n           services.AddSwaggerGen(c =&gt;\n           {\n               \/\/ configure SwaggerDoc and others\n \n               c.SwaggerDoc(&quot;v1&quot;, new OpenApiInfo\n               {\n                   Version = &quot;v1&quot;,\n                   Title = &quot;42Crunch - some best practices demo API&quot;,\n                   Description = &quot;A simple example ASP.NET Core Web API&quot;,\n                   TermsOfService = new Uri(&quot;https:\/\/example.com\/terms&quot;),\n                   Contact = new OpenApiContact\n                   {\n                       Name = &quot;Shayne Boyer&quot;,\n                       Email = string.Empty,\n                       Url = new Uri(&quot;https:\/\/twitter.com\/spboyer&quot;),\n                   },\n                   License = new OpenApiLicense\n                   {\n                       Name = &quot;Use under LICX&quot;,\n                       Url = new Uri(&quot;https:\/\/example.com\/license&quot;),\n                   }\n               });\n               \/\/ jwt\n \n               \/\/ add JWT Authentication\n               var securityScheme = new OpenApiSecurityScheme\n               {\n                   Name = &quot;JWT Authentication&quot;,\n                   Description = &quot;Enter JWT Bearer token **_only_**&quot;,\n                   In = ParameterLocation.Header,\n                   Type = SecuritySchemeType.Http,\n                   Scheme = &quot;bearer&quot;, \/\/ must be lower case\n                   BearerFormat = &quot;JWT&quot;,\n                   Reference = new OpenApiReference\n                   {\n                       Id = JwtBearerDefaults.AuthenticationScheme,\n                       Type = ReferenceType.SecurityScheme\n                   }\n               };\n               c.AddSecurityDefinition(securityScheme.Reference.Id, securityScheme);\n               c.AddSecurityRequirement(new OpenApiSecurityRequirement\n   {\n       {securityScheme, new string[] { }}\n   });\n \n\n               \/\/ add Basic Authentication\n               var basicSecurityScheme = new OpenApiSecurityScheme\n               {\n                   Type = SecuritySchemeType.Http,\n                   Scheme = &quot;basic&quot;,\n                   Reference = new OpenApiReference { Id = &quot;BasicAuth&quot;, Type = ReferenceType.SecurityScheme }\n               };\n               c.AddSecurityDefinition(basicSecurityScheme.Reference.Id, basicSecurityScheme);\n               c.AddSecurityRequirement(new OpenApiSecurityRequirement\n   {\n       {basicSecurityScheme, new string[] { }}\n   });\n           });\n \n       }\n<\/code><\/pre>\n<p><span style=\"font-weight: 400;\">Now, it&#8217;s time to improve our API&#8217;s operations, in order to that, for .net, we have to take a look into the Controller component. Please, see the original PersonController:<\/span><\/p>\n<p><strong>Original Code for PersonController.cs<\/strong><\/p>\n<pre><code class=\"language-json\">using System;\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Threading.Tasks;\nusing Microsoft.AspNetCore.Http;\nusing Microsoft.AspNetCore.Mvc;\nusing Microsoft.EntityFrameworkCore;\nusing TodoApi.Models;\n \nnamespace TodoApi.Controllers\n{\n   [Route(&quot;api\/[controller]&quot;)]\n   [ApiController]\n   public class PersonController : ControllerBase\n   {\n       private readonly PersonContext _context;\n \n       public PersonController(PersonContext context)\n       {\n           _context = context;\n       }\n \n       \/\/ GET: api\/Person\n       [HttpGet]\n       public async Task&lt;ActionResult&lt;IEnumerable&gt;&gt; GetPersons()\n       {\n           return await _context.Persons.ToListAsync();\n       }\n \n       \/\/ GET: api\/Person\/5\n       [HttpGet(&quot;{id}&quot;)]\n       public async Task&lt;ActionResult&gt; GetPerson(long id)\n       {\n           var person = await _context.Persons.FindAsync(id);\n \n           if (person == null)\n           {\n               return NotFound();\n           }\n \n           return person;\n       }\n \n       \/\/ PUT: api\/Person\/5\n       \/\/ To protect from overposting attacks, enable the specific properties you want to bind to, for\n       \/\/ more details, see https:\/\/go.microsoft.com\/fwlink\/?linkid=2123754.\n       [HttpPut(&quot;{id}&quot;)]\n       public async Task PutPerson(long id, Person person)\n       {\n           if (id != person.id)\n           {\n               return BadRequest();\n           }\n \n           _context.Entry(person).State = EntityState.Modified;\n \n           try\n           {\n               await _context.SaveChangesAsync();\n           }\n           catch (DbUpdateConcurrencyException)\n           {\n               if (!PersonExists(id))\n               {\n                   return NotFound();\n               }\n               else\n               {\n                   throw;\n               }\n           }\n \n           return NoContent();\n       }\n \n       \/\/ POST: api\/Person\n       \/\/ To protect from overposting attacks, enable the specific properties you want to bind to, for\n       \/\/ more details, see https:\/\/go.microsoft.com\/fwlink\/?linkid=2123754.\n       [HttpPost]\n       public async Task&lt;ActionResult&gt; PostPerson(Person person)\n       {\n           _context.Persons.Add(person);\n           await _context.SaveChangesAsync();\n \n           return CreatedAtAction(&quot;GetPerson&quot;, new { id = person.id }, person);\n       }\n \n       \/\/ DELETE: api\/Person\/5\n       [HttpDelete(&quot;{id}&quot;)]\n       public async Task&lt;ActionResult&gt; DeletePerson(long id)\n       {\n           var person = await _context.Persons.FindAsync(id);\n           if (person == null)\n           {\n               return NotFound();\n           }\n \n           _context.Persons.Remove(person);\n           await _context.SaveChangesAsync();\n \n           return person;\n       }\n \n       private bool PersonExists(long id)\n       {\n           return _context.Persons.Any(e =&gt; e.id == id);\n       }\n   }\n}\n<\/code><\/pre>\n<p><span style=\"font-weight: 400;\">Now, let&#8217;s add some annotations from annotation for improving our Audit Score, at the same time that we are also incrementing our API protection level. <\/span><span style=\"font-weight: 400;\">We added required annotations into the Objects that will be the foundation for JSON Schema generation.<\/span><\/p>\n<pre><code class=\"language-json\">\n\/\/\/\n\/\/\/ Creates a TodoItem.\n\/\/\/ <\/code><\/pre>\n<pre><code class=\"language-json\">\n\/\/\/ \/\/\/ Sample request: \/\/\/ \/\/\/ POST \/Todo \/\/\/ { \/\/\/ &quot;id&quot;: 1, \/\/\/ &quot;name&quot;: &quot;Item1&quot;, \/\/\/ &quot;isComplete&quot;: true \/\/\/ } \/\/\/ \/\/\/ \/\/\/ \/\/\/ A newly created TodoItem \/\/\/ Returns the newly created item \/\/\/ If the item is null \/\/\/ Forbidden \/\/\/ Forbidden \/\/\/ Too many responses [HttpPost] [ProducesResponseType(StatusCodes.Status201Created)] [ProducesResponseType(StatusCodes.Status400BadRequest)] [ProducesResponseType(StatusCodes.Status403Forbidden)] [ProducesResponseType(StatusCodes.Status429TooManyRequests)] public async Task&lt;ActionResult&gt; PostTodoItem(TodoItem todoItem) { _context.TodoItems.Add(todoItem); await _context.SaveChangesAsync(); return CreatedAtAction(&quot;GetTodoItem&quot;, new { id = todoItem.Id }, todoItem); }\n<\/code><\/pre>\n<p>Some initial results:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-11477\" src=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2021\/05\/net-core-blog-img4.png\" alt=\"\" width=\"1999\" height=\"865\" srcset=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2021\/05\/net-core-blog-img4.png 1999w, https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2021\/05\/net-core-blog-img4-300x130.png 300w, https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2021\/05\/net-core-blog-img4-1024x443.png 1024w, https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2021\/05\/net-core-blog-img4-768x332.png 768w, https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2021\/05\/net-core-blog-img4-1536x665.png 1536w\" sizes=\"(max-width: 1999px) 100vw, 1999px\" \/><\/p>\n<p><span style=\"font-weight: 400;\">We could improve your API\u2019s compliance posture from 16% secure to 43% secure if we made these changes. The recommendations do not require changing the generated swagger but leveraging annotations in\u00a0 the C# Code.<\/span><\/p>\n<h4>Using NSwag<\/h4>\n<p><strong>NSwag<\/strong> has similar capabilities to <strong>Swashbuckle<\/strong>. Either one can be configured to achieve a high-quality Open API Specification\/Swagger.<\/p>\n<p><strong>For Pipelines and CI\/CD<\/strong><\/p>\n<p>The REST API Security Testing pipeline lets you add our automated tests and validations to your CI\/CD pipelines to test your API at every single CI\/CD invocation. We let our customers use a wide range of tools in order to execute this practice, some of which are: Jenkins, Azure Pipelines, Bitbucket, Bamboo, and others. We can also quickly and easily make a custom integration using our API. Please, check more info here: <a href=\"https:\/\/staging2022.42crunch.com\/free-tools\/\">https:\/\/42crunch.com\/free-tools\/\u00a0\u00a0<\/a><\/p>\n<p>Once the APIs reach an acceptable <strong>Audit Score<\/strong>, which our recommendation is at least 70 (of 100), they are good to pass into the CI\/CD pipeline such as Jenkins, GitLab, Azure Pipelines, GitHub, Bamboo, etc. In addition, 42Crunch offers the capacity to integrate with many quality tools, as one of those is SonarQube:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-11476 aligncenter\" src=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2021\/05\/net-core-sonarqube.png\" alt=\"\" width=\"1182\" height=\"682\" srcset=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2021\/05\/net-core-sonarqube.png 1182w, https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2021\/05\/net-core-sonarqube-300x173.png 300w, https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2021\/05\/net-core-sonarqube-1024x591.png 1024w, https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2021\/05\/net-core-sonarqube-768x443.png 768w\" sizes=\"(max-width: 1182px) 100vw, 1182px\" \/><\/p>\n<p>&nbsp;<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-11475 aligncenter\" src=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2021\/05\/net-core-blog-img5.png\" alt=\"\" width=\"1054\" height=\"404\" srcset=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2021\/05\/net-core-blog-img5.png 1054w, https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2021\/05\/net-core-blog-img5-300x115.png 300w, https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2021\/05\/net-core-blog-img5-1024x393.png 1024w, https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2021\/05\/net-core-blog-img5-768x294.png 768w\" sizes=\"(max-width: 1054px) 100vw, 1054px\" \/><\/p>\n<p>&nbsp;<\/p>\n<h2>Conclusion<\/h2>\n<p><span style=\"font-weight: 400;\">The 42Crunch platform concentrates on Open API\/Swagger files, it allows our customers to have a fully integrated protection platform that understands the API behavior from its inception\/design to production. To rely on the Spec files is the way to avoid guessing on <\/span><i><span style=\"font-weight: 400;\">what<\/span><\/i><span style=\"font-weight: 400;\"> and <\/span><i><span style=\"font-weight: 400;\">how<\/span><\/i><span style=\"font-weight: 400;\"> to protect your APIs.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><strong>For API Security Audit<\/strong><br \/>\n<\/span><span style=\"font-weight: 400;\">42Crunch executes 200+ security checks against the API contract, provides detailed security scoring for prioritization, and remediation advice to help developers define the best contract possible. Reaching great results in that phase obtaining high-quality <\/span><b>Open API\/Swagger<\/b><span style=\"font-weight: 400;\"> files, we can move to the next component in the platform: Conformance Scanning.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><strong>API Conformance Scan<\/strong><br \/>\n<\/span><span style=\"font-weight: 400;\">42Crunch Conformance Scan is a dynamic runtime testing of your API to ensure that the implementation behind your API matches the <\/span><b>contract<\/b><span style=\"font-weight: 400;\"> set out in the OpenAPI \/ Swagger definition of the API.<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><strong>API Protection<\/strong><br \/>\n<\/span><span style=\"font-weight: 400;\">42Crunch Platform moves the defense from the network perimeter to in-depth directly in front of your APIs. With API Protection, you can protect each API from malicious intents with a micro-API firewall.\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><strong>References<\/strong><\/p>\n<ul>\n<li><a href=\"https:\/\/blog.infernored.com\/master-web-apis-with-swagger-apiexplorer-and-nswag\/\"><span style=\"font-weight: 400;\">https:\/\/blog.infernored.com\/master-web-apis-with-swagger-apiexplorer-and-nswag\/<\/span><\/a><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/www.c-sharpcorner.com\/article\/how-to-use-nswag-with-asp-net-core-and-generate-client-code-with-nswag-studio\/\"><span style=\"font-weight: 400;\">https:\/\/www.c-sharpcorner.com\/article\/how-to-use-nswag-with-asp-net-core-and-generate-client-code-with-nswag-studio\/<\/span><\/a><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/li>\n<li><a href=\"https:\/\/cezarypiatek.github.io\/post\/auto-generated-web-api-client\/\"><span style=\"font-weight: 400;\">https:\/\/cezarypiatek.github.io\/post\/auto-generated-web-api-client\/<\/span><\/a><span style=\"font-weight: 400;\">\u00a0<\/span><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>This document highlights how code annotations can be used to enhance the quality and the security posture for customers using .Net Core. 42Crunch security recommendations help enterprises discover and remediate vulnerabilities much more quickly (up to 25X more quickly) while saving 90% of manual costs (whether through internal efforts or external pen-testing). Using the Available [&hellip;]<\/p>\n","protected":false},"author":12,"featured_media":11338,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"none","_seopress_titles_title":"Creating High Quality OAS Definitions with .Net Core","_seopress_titles_desc":"This document highlights how code annotations can be used to enhance the quality and the API security posture for customers using .Net Core.","_seopress_robots_index":"","site-sidebar-layout":"default","site-content-layout":"disabled","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"disabled","ast-hfb-above-header-display":"disabled","ast-hfb-below-header-display":"disabled","ast-hfb-mobile-header-display":"disabled","site-post-title":"disabled","ast-breadcrumbs-content":"disabled","ast-featured-img":"disabled","footer-sml-layout":"disabled","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[6],"tags":[16],"class_list":["post-10081","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-api-security-training"],"_links":{"self":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/posts\/10081"}],"collection":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/comments?post=10081"}],"version-history":[{"count":2,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/posts\/10081\/revisions"}],"predecessor-version":[{"id":19007,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/posts\/10081\/revisions\/19007"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/media\/11338"}],"wp:attachment":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/media?parent=10081"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/categories?post=10081"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/tags?post=10081"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}