Asp.Net – Page 5 – WindowsTechs.com

PadBuster Block Size check

Posted on March 14, 2020 by Khalil

After a small nikto scan I found a potential MS10-070 vulnerability on my server and while testing for the padding attack on the Padbuster tool, and after watching some exploits on youtube, I always receive this error which gets me confuse… Continue reading PadBuster Block Size check→

Why ASP.Net Identity sends sensitive information to clients?

Posted on February 15, 2020 by Ignacio

As far as I understand, Identity sends to the user an encrypted token with some user information like the user name and expiration date. Then, when a new request arrives to the server, it decrypts it and will have available all the user cl… Continue reading Why ASP.Net Identity sends sensitive information to clients?→

NONCE not supported in Asp.Net for CSP implementation

Posted on February 7, 2020 by MattyMerrix

Is NONCE supported in Asp.Net when implementing the Content-Security-Policy header to protect from XSS ??
I read that NONCE was not supported in Asp.Net, however, I read another simple article, that shows how it is done? Does anyone use no… Continue reading NONCE not supported in Asp.Net for CSP implementation→

Validating JWT in server-to-auth-server scenario

Posted on January 29, 2020 by StuartM

The main question here is: If you are using a backend server to authenticate a user with a third party provider such as Auth0, do you need to validate the JWT received in this scenario?

I am looking at the example custom login from Auth0 … Continue reading Validating JWT in server-to-auth-server scenario→

Active Directory authentication with a Login form ASP.NET MVC5

Posted on January 16, 2020 by kuma

I want to create a web application with a login form and authenticate with Active Directory account. Our users sometimes use a device that users cannot log in, so we don’t want to use Windows Authentication.

How it’s set up right now is:
… Continue reading Active Directory authentication with a Login form ASP.NET MVC5→

How to prevent XSS attacks in ASP web application

Posted on December 16, 2019 by Sachith

In my web application, while doing the penetration testing two XSS vulnerabilities identified in some text input.

that field testing using followin cheets,

Hardening ASP.NET against session fixation: Should I change the session ID despite the additional Auth cookie?

Posted on November 28, 2019 by Marcel

Situation

I am the responsible developer for an ASP.NET application that uses the “Membership” (username and password) authentication scheme. I am presented with the following report from a WebInspect scan:

WebInspect has found a sess… Continue reading Hardening ASP.NET against session fixation: Should I change the session ID despite the additional Auth cookie?→

ASP.NET hosting provider recovering from ransomware attack

Posted on November 12, 2019 by Lisa Vaas

With more than 440,000 customers, SmarterASP.NET is said to be one of the most popular ASP.NET hosting providers. Continue reading ASP.NET hosting provider recovering from ransomware attack→

Telerik Script not working correctly?

Posted on October 15, 2019 by Dees Peeleey

I found that a website is using a version of telerik web ui that may be vulnerable to cve-2017-9248.

However when i use the python script with command

python script.py -k https://www.website.com/Telerik.Web.UI.DialogHandler… Continue reading Telerik Script not working correctly?→

XSS protection – escape symbols

Posted on October 1, 2019 by Ice2burn

Lets say we have private math/developers forum website made with asp.net. Users can post text-messages in topics. Based on OWASP articles we should escape symbols like: ‘ ” < > / to prevent XSS attacks. But characters ‘ ” … Continue reading XSS protection – escape symbols→