IIS – Page 6 – WindowsTechs.com

How to best limit SQL injection attacks that are being funneled through an Apache proxy I control

Posted on July 3, 2020 by MeSo2

I use an Apache proxy to funnel traffic to an IIS server. The IIS server sends me emails if some bad actor attacks my site with an sql injection attack. It captures their IP address, and sends me the URL that was used.
The other day I got … Continue reading How to best limit SQL injection attacks that are being funneled through an Apache proxy I control→

How to make use of a exploit that is not available in metasploit?

Posted on June 28, 2020 by Aeden Thomas

I want to exploit a Microsoft IIS HTTPD 10.0 server open which is open in PORT 80. However there is no available exploits in Metasploit but there are few vulnerabilities in this site. Is it possible to make use of these vulnerabilities?

… Continue reading How to make use of a exploit that is not available in metasploit?→

Host header injection IIS [closed]

Posted on May 18, 2020 by Antony xavier

I have a MVC web Application which is hosted on IIS10. During vulnerability scanning it is noticed that the application supports Host Header Injection. The application domain allows to redirect to mallicious domain when it is intruded by … Continue reading Host header injection IIS [closed]→

Check the origin header server-wide in IIS to prevent CSRF through the IIS configuration change Only

Posted on April 7, 2020 by user1773981

Could you please let me know how can we check the origin header server-wide in IIS to prevent CSRF through the configuration change only without adding a custom HTTP module in IIS?

Continue reading Check the origin header server-wide in IIS to prevent CSRF through the IIS configuration change Only→

Cache HSTS and cookie policy

Posted on January 30, 2020 by Peter Smith

I have developed a small website that uses HTTPS. It is developed using Visual Studio MVC and is deployed to a remote IIS run by a hosting company. They supply and install the SSL/HHTPS certificate I use,and presumably manage any HSTS poli… Continue reading Cache HSTS and cookie policy→

Active Directory authentication with a Login form ASP.NET MVC5

Posted on January 16, 2020 by kuma

I want to create a web application with a login form and authenticate with Active Directory account. Our users sometimes use a device that users cannot log in, so we don’t want to use Windows Authentication.

How it’s set up right now is:
… Continue reading Active Directory authentication with a Login form ASP.NET MVC5→

IIS FTPS Best Practise

Posted on December 12, 2019 by John

I have the task to place an FTP server in the company DMZ for our partners to store sensitive data that can not be sent by mail.

I have chosen the IIS FTPS. I will generate a self-signed certificate for server authentication. Also, I was… Continue reading IIS FTPS Best Practise→

Expected Cipher Suites not showing in packet traces – Handshake Failure [migrated]

Posted on October 28, 2019 by ffadriala

I want to start off by saying that I am not an expert in regards to networking or Wireshark but I do have a background in web development, particularly .net and iis/windows server.

I am trying to add a couple of ciphers in … Continue reading Expected Cipher Suites not showing in packet traces – Handshake Failure [migrated]→

Running application with minimal privileges on Win 10

Posted on October 16, 2019 by Arthemoon

I have REST server (Spring Boot) runs on Windows 10 and frontend which runs on IIS web server. I need to configure rules as secure as possible. Web-server and REST server runs on the same computer on the local network.

Appl… Continue reading Running application with minimal privileges on Win 10→

Detect vulnerability based on IIS log

Posted on October 8, 2019 by Pajri Aprilio

Is there any tools to detect website vulnerability/suspicious request from IIS log?

Continue reading Detect vulnerability based on IIS log→