Collaborate Disseminate
Does anyone have any automated tools to figure out what 3rd party/open source/paid software is being used in an ASP MVC .Net application? I have used nuget but it only keeps track of what has been added through Nuget.
PM&g… Continue reading Web application third party and open source patch managment tools [on hold]
How can we mitigate host header injection in ASP.NET? I have already configured application binding in IIS and set static hostname but still, the vulnerability exists.
Continue reading Prevention of host header injection in ASP.NET?
Ours is .net 4 web application. We’ve few hidden fields on the form.
When the site was tested for XSS vulnerabilities, these hidden fields were the first victims:(. How to protect or safeguard hidden fields? For normal textbo… Continue reading XSS issues for hidden fields
CVE-2005-1665 says that unencrypted viewstate is a vulnerability. How is this a vulnerability, how is an attacker is going to use it and exploit it?
Continue reading Why should I encrypt my viewstate? [on hold]
General recommendation is to include an anti-forgery token in all POST requests, but is it needed for email newsletter subscription form?
Many single page scrolling sites have email subscription form on page, and using anti… Continue reading Is AntiForgeryToken needed for newsletter subscription?
I am developing a website using this book. From my knowledge and from the book, the major issues that I would have to look out for are XSS, CRSF and SQL injection attacks. I have found that there is ample resources, plugins a… Continue reading What attacks is my website subceptable to and how can I prevent them? [on hold]
Why doesn’t Visual Studio compile the source code (.cs) automatically before publishing, since they know perfectly well that the end-product website is going public? (Unless you’re just building the website for your own fun.)… Continue reading Why isn’t ASP.NET source code compiled before it is published?
I have been fixing a asp.net web forms application that has a number of vulnerabilities that were discovered by an outside pen testing firm.
I have recently implemented a double submit cookie with the asp.net AntiForgery lib… Continue reading Is this a true CSRF attack?
We are using asp.net mvc, using forms authentication. Username and password is sent to the server with TLS with a strong secure certificate. Their justification for this:
threat:
“the web server uses plain-text form authenti… Continue reading A security audit wants encypted user/pass for login in asp.net – this seems pointless or is it not?
I’m trying to develop a web app using ASP web API & Angular JS, each angular controllers need web services to get business data to visualize, please who can give a proper mechanism to secure internal web services in my ap… Continue reading How to secure my internal web service – ASP/MVC [on hold]