Enterprise-grade security, simplified for developers

Protect valuable business data from unauthorized access with granular property-level permit checks, defend against multiple attack vectors, and enable seamless integration with a multitude of clients.

Rapidly build reliable business apps (MVC/API) on the platform of your choice: ASP.NET Core, .NET 5, .NET Framework and ServiceStack.

Special launch offer: 30% off! Save $300 with every developer license.

ASPSecurityKit powers Forge Trust multi-tenant API platform and portals, managing over $11 billion of custodial assets

"The work you guys have done for ISCP security has been phenomenal and I consider it to be one of the most important pieces of our financial platform. I highly recommend ASPSecurityKit as the leading IAM solution."
Todd Yancey, CSO, IRA Services Trust Company (San Francisco).

Protect your server application with a comprehensive security pipeline built on a zero-trust model

Multiple stages of checks and verifications, with events, hooks and settings to alter the existing checks and inject custom ones at any stage.

1. Detect/resist XSS injections and holistically sanitize data across various subsystems (emails, APIs, back-end/front-end).

2.

3. Restrict access to only secure networks or machines, not just for automated API-key-based calls but for any identity (including user sessions, to protect high-privileged user accounts).

4. Protect user accounts with MFA (2FA) checks – enforce MFA as a policy on users, and opt out specific users, operations or networks from MFA verification.

5. Limit access to the system until the user's contact details (such as email/mobile) are verified. Opt out certain operations (such as user profile) from the verification check. Get an end-to-end implementation of the email verification workflow.

6. Authorize callers not just for actions but also for the data on which actions are being performed, with a convention-based ADA component that automatically determines permissionCodes and discovers sensitive data fields in requests, and gives you various options to override the default conventions.

7. Suspend not just users but operations on all kinds of entities – such as financial accounts, contacts, etc. – for reasons such as KYC required, fraud detected, OFAC. Allow certain operations on suspended entities, such as read-only access or uploading a KYC document.

"BHIS would like to commend Forge Trust on their implementation of the authorization header. The dynamic nature of this header helps to secure the application by preventing replay attacks and request tampering."
— from a penetration test performed by Black Hills Information Security on ISCP powered by ASPSecurityKit (referring to the HMAC scheme).

Cut cost, ship fast

ASPSecurityKit cuts the time it takes to develop secure web applications and APIs by 20%.

Jump straight into developing product features – get implementation of several important common workflows including account management (register, login, forgot password, account settings, email verification), user management (add/remove/suspend users, permissions), administration (impersonation, transfer), production-ready error handling and much more, right into your project as source code without writing a single line of code!

"ASPSecurityKit has saved us hundreds of developer hours and thousands of Pounds. I was blown away by the speed at which our developer single-handedly developed a complex multi-tenanted, multi-user order lifecycle management web application for a prestigious client in record time."
Ross Williams, founder at Rosscom – a web design and development company (London, U.K.)

Choose a source package for your project

Create marketplace systems (connecting buyers/sellers) or hierarchical systems (as in an organization chart) or a mix of these with ease.

Protect against today's threat landscape; harden against OWASP Top Ten and be prepared against evolving future threats with regular library updates and expert guidance

Strong Password Hashing

Password hashing using PBk salted hashing protecting against dictionary attacks.

Change the default hashing algorithm with ease

Password Blocking

Detect and protect user data when account credentials are compromised (Credential hijacking)

Suspend User

Revoke access of unruly users temporarily or permanently

Request Integrity

Protect against request tampering and man-in-the-middle attacks

Request Expiration

Detect and prevent request replay attacks and define request life-time

Integrator Identification

Detect and reject connections from integrating institutional clients based on origin whitelists

Key Leakage

Protect sensitive API keys from being used from browsers and non-whitelisted IPs

XSS

Feature Hiding

ASPSecurityKit is an outcome of a decade of experience in developing security features in projects for clients ranging from multi-billion financial institutions, private healthcare, insurance, to hospitality, manufacturing, classified crypto marketplaces and customer support services.

Some of our clients

IRA Services (Forge Trust)
Kirwin & Simpson
Crowe LLP
PerformTel Support
Gluco (Cloudstick Technologies)
Myriad Inc.
Ernst & Young