The cover image for this post is by AltumCode
As the festive season approaches, we’re reminded of the importance of giving back to the community that has supported us throughout our journey. At RJJ Software, we’re thrilled to announce that one of our open-source projects, OwaspHeaders.Core, has reached a remarkable milestone: over 1 million downloads.
For those who may not be familiar with OwaspHeaders.Core, here’s a brief background on the project. In 2017, Jamie, our CTO, started working on an ASP.NET Core middleware that would make it easy to add the OWASP-recommended HTTP headers for securing a web application. Since then, the project has evolved significantly, with updates, live streams, and even blog posts showcasing its capabilities.
In this article, we’ll take a look at the journey of OwaspHeaders.Core, from its humble beginnings to becoming one of the most widely adopted NuGet packages in the ASP.NET Core ecosystem.
Background
We donate some of our CTO’s time to working on OwaspHeaders.Core because we believe that giving back to the open-source community is important. And what better way than to make other people’s projects more secure by default whilst also making it easy to do so?
To do this, Jamie started by implementing the recommended HTTP headers for security from the OWASP Secure Headers project. The initial version of this had the HTTP headers and their values hard-coded, meaning they could not be changed without re-compiling the ASP.NET Core middleware. Soon, Jamie adopted a JSON configuration approach (copying the appsettings.json pattern used by ASP.NET Core), but this quickly became a chore to keep up to date. So he decided that a build-time configuration as C# code was the way to go.
Using the appsettings.json file was great as a way to start, but it quickly became difficult to keep up to date. Escaping string characters so that the JSON file would always be valid UTF-8 while also maintaining readability was tough.
Then I thought "why not just have the configuration in code? That way the consumer could make build-time changes to make it their own." After all, changing the appsettings.json file caused the app to reboot anyway. And if you made a change to the security of your app, you’d want it to have to reboot in order to reflect those changes.
Soon after the first commits, Jamie got to work on creating a NuGet package for the code. That way, other .NET developers would be able to consume it. The NuGet package was uploaded to the official NuGet feed, and has been available at http://nuget.org/packages/OwaspHeaders.Core/ since 2017, with the publicly-available source code being found on GitHub at https://github.com/gaprogman/owaspheaders.core. Documentation for the project can be found at https://gaprogman.github.io/OwaspHeaders.Core/—the documentation is currently rather minimal, but it is evolving all the time.
Over the years since he started working on it, Jamie has published updates, written parts of the codebase on live streams, and used it as an example of how to build an open-source project for ASP.NET Core.
Since its inception, OwaspHeaders.Core has undergone significant transformations. From its early days as a simple middleware solution, it has expanded to become a comprehensive tool for securing web applications.
The dedication and enthusiasm of the OwaspHeaders.Core community have been instrumental in driving its growth. By sharing their expertise, providing feedback, and contributing to the project, these individuals have helped take OwaspHeaders.Core to new heights.
Celebrating a Milestone & The Spirit of Open-Source
As we celebrate the remarkable achievement of 1 million downloads, we’re reminded of the importance of open-source projects like OwaspHeaders.Core. These projects provide a platform for developers to collaborate, share knowledge, and build upon each other’s work. For us at RJJ, it’s been an incredible journey watching OwaspHeaders.Core grow from a small project to a widely adopted NuGet package. We’re proud of the role we’ve played in supporting its development and growth.
As we approach the festive season, we’re reminded of the spirit of open-source software development that has brought us to this milestone. The collaborative nature of open-source projects allows developers from all over the world to contribute to a common goal, sharing their expertise and knowledge with each other.
This is reflected in the upcoming festive season episodes of The Modern .NET Show, which focus on open-source software development, best practices for NuGet package development, and even feature a guest episode where Scott Harden shares his experience writing a PR for OwaspHeaders.Core.
The first episode of this series will be released on December 6th, 2024, and we encourage you to tune in. In the meantime, we’d like to take this opportunity to thank everyone involved in making OwaspHeaders.Core the success it is today.
A Future of Growth
As we look ahead to the future, we’re excited about the potential that OwaspHeaders.Core still holds. With its continued growth and popularity, we envision a world where securing web applications becomes even easier, thanks to the efforts of individuals like those who have contributed to open-source projects like this one.
In conclusion, reaching 1 million downloads is a remarkable achievement, but it’s just the beginning. We’re proud to be part of the OwaspHeaders.Core community and look forward to continuing its growth and development in the years to come.
Thank you for being part of this journey, and we wish you all the best in your own open-source adventures!
The Future of OwaspHeaders.Core
As we move forward, there are several exciting developments on the horizon for OwaspHeaders.Core. In the coming months, we plan to:
- Continue improving the middleware’s performance and security features
- Work on keeping the list of HTTP headers it provides in sync with the OWASP list
- Expand the project’s documentation and tutorials to make it easier for new users to get started
- Explore opportunities for integrating OwaspHeaders.Core with other popular .NET frameworks and libraries
Get Involved & Stay Connected
If you’re interested in contributing to OwaspHeaders.Core, we invite you to explore the GitHub page and take a look at the project’s issues and pull requests. All contributions can help shape the future of this project and make it an even more valuable resource for developers around the world.
Thank you again for your support, and we look forward to continuing this journey together!
About RJJ Software Ltd.: RJJ Software is a leading technology company offering a wide range of software development, consulting, and mentorship services. They are also AI experts, providing cutting-edge solutions in this rapidly evolving field. In addition to their software offerings, RJJ Software offers audio and podcast editing services, making them a one-stop solution for all your tech needs.
The company produces The Modern .NET Show—the only podcast focused specifically on .NET—and The Waffling Taylors podcast. They also edit and provide post-production services for Retail Leadership with Steve Worthy, and the recently retired Podcasters Live, Tabs and Spaces and Cynical Developer podcasts.