Collaborate Disseminate
I have an MVC application that has undergone SAST. The scan detects a potential XSRF/CSRF vulnerability.
The application rewrites the .AspNet.ApplicationCookie setting SameSite=Strict:
protected void Application_PreSendRequestHeaders(objec… Continue reading Is the .AspNet.Application cookie vulnerable to CSRF attacks?
I’m using BurpSuite to bruteforce the login credentials for an ASUS router via the router interface page. I’ve found that the login credentials input are only base64 encoded and displayed in the request body. I’m using the Intruder to brut… Continue reading burpsuite see href script in response body
I am having a stateful service which is using target framework as "netcoreapp3.1". And This service will be calling Some test projects and other dependencies. We need to add these projects and dependencies as reference. Most of t… Continue reading Feasible dotnet version [migrated]
Today i faced a web site related to government that showed me all of my certificates in a combobox for authentication on that web site.
What were those certificates?
How can i show them in a asp.net web site?
Can browser access to those ce… Continue reading Using certificates for authentication in a web site
I am planning a SaaS-solution, where my clients store and save sensitive data on my servers.
Security is a big point as it makes a product more trustworthy, so my thought was that the data which I retrieve from my clients should be encrypt… Continue reading Best way to encrypt client side data for SaaS inside the web
I need to implement CSRF token in my web application using ASP.NET. Also that token needs to be encrypted with sha256. Please help me with sample code.
In the past I have dealt with security issues related to Default Service Banners/Verbose Headers/Information Leakage via HttpResponse Headers. These issues are quite common, and usually look something like this for an Asp.Net – IIS Server… Continue reading HttpResponse Headers Information Leakage on Server Error (Verbose Headers)
I have an API server (ASP.NET Core 5) and SPA client (ASP.NET Blazor). Nothing else: no external oauth servers, identity providers and whatnot
To secure access, the server issues and validates access tokens (JWTs) and refresh tokens.
A JWT… Continue reading Should I specify JWT audience and issuer if I have only one SPA client?
Are files put into the Pages/Shared folder public to the whole WWW if the website is hosted publicly? I am asking since I want to implement a partial view load thru a controller and want to know whether it’s secure.
I am using ASP.NET Core… Continue reading ASP.NET Core – are files put in the Shared folder under Pages (where the Razor pages reside) publicly accessible?
I have a .NET 5 application running on AWS which has these requests constantly attempting to run:
GET http://app-10-irules.com/
GET http://www.simpleexample.com/
GET http://ssl-app-default-backend.com/
Currently they all 404, but nothing i… Continue reading What are these requests that appear to be phoning home?