Detect/resist XSS injections and holistically sanitize data across various subsystems (emails, APIs, back-end/front-end).
Protect your server application with a comprehensive security pipeline built on a zero-trust model
Multiple stages of checks and verifications, with events, hooks and settings to alter the existing checks and inject custom ones at any stage.
Allow a multitude of clients (browsers, mobile apps, IoT devices, backend jobs, third-party services) to connect securely using schemes like HMAC, cookies and service keys, and identities such as site keys, feature keys and sessions.
Restrict access to only secure networks or machines, not just for automated API-key-based calls but for any identity (including user sessions, to protect high-privileged user accounts).
Protect user accounts with MFA (2FA) checks – enforce MFA as a policy on users, opt out specific users, operations or networks from MFA verification.
Limit access to the system until the user's contact details (such as email/mobile) are verified. Opt out certain operations (such as user profile) from the verification check. Get an end-to-end implementation of the email verification workflow.
Authorize callers not just for actions but also for the data on which those actions are performed, with a convention-based ADA component that automatically determines permissionCodes and discovers sensitive data fields in requests, and gives you various options to override the default conventions.
Suspend not just users but operations on all kinds of entities – such as financial accounts, contacts, etc. for reasons such as KYC required, fraud detected, OFAC. Allow certain operations on suspended entities such as read-only access, upload KYC document.
"BHIS would like to commend Forge Trust on their implementation of the authorization header. The dynamic nature of this header helps to secure the application by preventing replay attacks and request tampering."
Cut cost, ship fast
ASPSecurityKit cuts the time it takes to develop secure web applications and APIs by 20%.
Jump straight into developing product features – get implementation of several important common workflows including account management (register, login, forgot password, account settings, email verification), user management (add/remove/suspend users, permissions), administration (impersonation, transfer), production-ready error handling and much more, right into your project as source code without writing a single line of code!
"ASPSecurityKit has saved us hundreds of developer hours and thousands of Pounds. I was blown away by the speed at which our developer single-handedly developed a complex multi-tenanted, multi-user order lifecycle management web application for a prestigious client in record time."
Create marketplace systems (connecting buyers/sellers) or hierarchical systems (as in an organization chart) or a mix of these with ease.
Protect against today's threat landscape, harden against the OWASP Top Ten, and be prepared against evolving future threats with regular library updates and expert guidance.

Strong Password Hashing
Passwords are hashed using PBk salted hashing, which protects against dictionary attacks.
Change the default hashing algorithm with ease

Password Blocking
Detect and protect user data when account credentials are compromised (credential hijacking)

Suspend User
Revoke access of unruly users temporarily or permanently

Request Integrity
Protect against request tampering and man-in-the-middle attacks

Request Expiration
Detect and prevent request replay attacks and define request lifetime

Integrator Identification
Detect and reject connections from integrating institutional clients based on origin whitelists

Key Leakage
Protect sensitive API keys from being used from browsers and non-whitelisted IPs

XSS
Components and guidance to implement end-to-end protection against XSS

Feature Hiding
Manage access to and visibility of menus, actions and pages based on users' privilege level with permission-based authorization