Why does the Active Directory app created using Visual Studio not have any "Certificate & Secrets"? Is this fine?

I created a new ASP.NET Core 6.0 MVC web application, and I defined it to use Azure AD for authentication, as follows:

Then I was asked to create an owned application, so I created one named "ad" as follows:

Inside my applicat…

Which stack to choose as a beginner: Node.js (MEVN, MERN) or ASP.NET (Angular/React)?

This is my last semester and I’m doing an ASP.NET course at my university. But I’m confused between choosing JavaScript (Node.js) and C# (ASP.NET). I didn’t like PHP, so I don’t want to go with Laravel. Can anyone please give me a quick sugg…

Is Antiforgery Validation really needed for Login page when external return URL is not allowed?

I fell into a scenario where

the user opens two tabs of the login page and tries to log in on both.

Instead of showing an error message to the user (I can’t think of a good, meaningful message to explain antiforgery validation to an end user anyway), I wan…

ASP.NET Core – are files put in the Shared folder under Pages (where the Razor pages reside) publicly accessible?

Are files put into the Pages/Shared folder public to the whole WWW if the website is hosted publicly? I am asking since I want to implement a partial view load through a controller and want to know whether it’s secure.
I am using ASP.NET Core…

CWE-915 (overpost/mass assignment) and antiforgery when not saving posted object to storage

Veracode has found overpost or mass-assignment flaws (CWE-915) in our MVC portal. Technically, this is true, but I am wondering how much effort we would need to put into this, especially since we are already using antiforgery tokens…