Remediation of Security Updates for Microsoft .NET core and ASP.NET (DoS) (July 2018)

We are remediating this vulnerability and would like to know if anyone has been successful mitigating this?

Related to Nessus plugins: 111070, 111071

Package: Microsoft.AspNetCore.Server.Kestrel.Core
Package: Microsoft.AspN…

JWT for authentication and authorization and protecting an API. It’s feasible / secure?

I’m developing a web application which manages security and hygiene at work so the clients can access information about medical stuff, like exams, reports, accidents, ability to work, things like that.

Info like this is rath…

Web application making a call to a REST API when already authenticated

I’m new to ASP.NET Core and OpenID connect/AzureAD, so I’m looking for some validation (or otherwise) of my approach. Extensive reading/googling over the last couple of weeks while I’ve been learning this hasn’t turned up an …

Are there any security risks associated with having static files on the server be publicly available?

I am going to frame this question using ASP.NET Core in mind since that is what I’m using, though my question is applicable to any scenario in which you have a client that makes requests to a server storing static files.

In …