Collaborate Disseminate
In order to test the security of my API, I want to act as sort of an attacker in order to try and gain access to my own API without an API key.
In order for me to send requests to this endpoint, I need to include a 32 long c… Continue reading Unauthorized API Access Without Key Header
How do I maintain the same session state with different session ID as we get a login request? Do I need to do anything else from the server end other than just assigning the session id in Response.cookies to an empty string? … Continue reading Session Management to avoid session fixation [migrated]
Is it possible to do any type of XXE in a service developed using default C# SOAP service framework?
I ask because any type of XXE payload I try to add, even XML header, whatever I add before SOAP envelope, I get 400 bad re… Continue reading ASP.NET SOAP Service XXE
During my internship I have to test a newly made webapplication, but I can’t seem to run any tools or tests that actually give me results. I figured it’s because of the .aspx at the end of the URL. All pages without the exten… Continue reading How to run tests on webaplications with .aspx extension? [on hold]
I read in an article that aspx page could be protected from CSRF using the ViewState. But in my case, that page is being called asynchronously through WebRequest API and Update.aspx mentioned below has Async=”true” set.
I co… Continue reading How to prevent CSRF attack on aspx page?
I have a few questions about Microsoft’s Cryptographic Service Providers. I am creating an AES encryption method whose key is encrypted using the RSA. I am trying to figure out a way to store the RSA keys. Unfortunately a har… Continue reading Microsoft Cryptographic Service Providers
I think I found an SQL vulnerability; the request and response can be found below. I’m not sure because it is showing a normal error (it’s in French) instead of showing an SQL error.
I also tried to SQL inject the user page (after I logged… Continue reading I’m not sure if this Website is SQL Injectable
I have a form where the user inputs data. On the back end, I’m taking some of that data and embedding it into a PDF using ActiveReports and displaying it back to the user and also saving a copy on our server.
Using C# and A… Continue reading HTML Form to PDF vulnerabilities
Hopefully this isn’t a complete duplicate. I’ve been reading articles and just can’t fully wrap my head around this. Many articles seem to having differing opinions.
I’m building a web app (Spa + backend Web Api). There i… Continue reading Asp.Net Web API correct usage of WS Federation for Web Application
Hopefully this isn’t a complete duplicate. I’ve been reading articles and just can’t fully wrap my head around this. Many articles seem to having differing opinions.
I’m building a web app (Spa + backend Web Api). There i… Continue reading Asp.Net Web API correct usage of WS Federation for Web Application