Collaborate Disseminate
I have created custom attribute for default AntiForgeryToken validation on each ActionMethod. But when I run my application, I am getting an error message for a few ActionMethods saying:
A required anti-forgery token was … Continue reading Anti CSRF implementation in MVC3
As security tester, I need to report and justify that a security misconfiguration in a 3rd party application is a risk to us.
Following is the scenario:
1.) There is a 3rd party application which the customers use to submi… Continue reading Vulnerable framework and IIS server version’s are being displayed in an error page of a 3rd party application
I am implementing JWT token based authentication for our WebAPI in order to restrict data access through the API (e.g. client sends username / password and the api provides a jwt token valid for x hours). We currently have re… Continue reading How background services perform token based Api Authentication?
I am working on developing a REST API that will be used by first party clients that we develop, and third party clients in the future. The first party clients include a SPA client side application, and programs that run on c… Continue reading Securing a multi-tenant API with SSO and different roles per tenant
I am new to stackexchange. I desperately need some help. I am doing my thesis on ‘IoT Threats’, one of my objectives is to try to brute force into an IP camera. I am using Kali Linux Hydra to do the brute force, however I hav… Continue reading How to brute force a login page of an IP camera created in .asp?
a web form that uses id to get data from a database
i bypassed captcha and i want an automated script to post ids and collect valid data to rebuild the database
i tried to use hydra in a cretin way to identify valid ids but … Continue reading get data from database and rebuild a local copy
I’m currently studying authentication mechanisms in ASP.NET Core and came across SecurityStamp feature, which is known also from ASP.NET Standard. From what I understand from the answer here, this was added to perform sign ou… Continue reading ASP.NET – why default SecurityStamp validation interval is set to 30 minutes?
I am currently performing security review of SharePoint server with custom developed functionality heavily depending on CAML queries to get data from SharePoint Lists.
I was looking around, but I could not find any relevant … Continue reading CAML Query Injections
I’ve asked a question regarding an ASP.NET WebAPI implementation of CSRF protection:
https://stackoverflow.com/questions/45389512/the-anti-forgery-cookie-token-and-form-field-token-do-not-match-when-using-webap/45569019#455… Continue reading Is CSRF protection useless with AJAX?
I have a public sign up site, and when they click submit, a verification text message goes out to the phone number specified in sign up by calling an aspx page via ajax. I don’t want spam bots sending out text messages that I… Continue reading Can http referrer value be used to stop spam bots?