Collaborate Disseminate
I come from Linux background and have previously hosted websites on nginx. I use certbot to create and install SSL certificate.
I’m trying my hands-on Windows IIS, I have deployed a website on IIS. Now to add a SSL to my website I’m trying… Continue reading How to generate SSL certificate on windows machine for use with IIS? [migrated]
I’ve read bits around this, but I am curious should I be worried. I constantly am getting hit with random GET and POST requests from I guess just bots crawling the web trying to find vulnerabilities.
You can see below, the POST /GponForm/d… Continue reading Random endpoint getting pinged constantly on my server [duplicate]
I have a server (server01) running IIS with a Web certificate installed. The certificate has the following SANs –
server01.companyname.com
server02.companyname.com
The binding on Default Web Site for HTTPS for 443 has no HostName specifi… Continue reading IIS with alternate name in SAN Cert prompts for Credentials [migrated]
I have a site published in IIS. The site using HTTPS protocol and the web hosting certificate is already expired. This web hosting certificate path is under the trust root certificate which is not expired yet. I am very new to this so I am… Continue reading Renew a web hosting certificate on IIS [closed]
I need to prepare my web app for a penetration test. The scenario is: If one of our windows users is hacked, what can the hacker do to my app and my database?
I have a virtual machine on our server, which holds a SQL Server Express and a d… Continue reading How to secure a SQL Server database (windows auth) against a network windows user (penetration test)
The application in question offers the option to create arbitrary C# code and execute it at any time. These could be considered macros to customize certain tasks. Say that a normal user, who would normally not be able to use this feature, … Continue reading Exploit user controllable C# code in webapp
I am looking into our current website certificate-management process and am looking for steps that may be unnecessary and can be simplified. The current process was created by our sysadmin who now left, and I am confused about step 1 below… Continue reading Why create a CSR on my own server to have it signed by a 3rd party?
I have an Http web service running on IIS. The Http service will be exposed to the public internet, but only authenticated client requests will be processed by the web service. The service allows clients to write complex queries using quer… Continue reading Why is it a security concern to modify http.sys registry entries to allow web service to accept a longer query string?
Microsoft has published a security advisory about a new wave… Continue reading Microsoft Exchange Servers Hit By Stealthy IIS Backdoors
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA supports forward secrecy but it doesn’t use GCM mode and use SHA1 TLS_RSA_WITH_AES_256_GCM_SHA384 uses GCM mode and SHA2 but it doesn’t support forward secrecy. Which one is more secure?