Collaborate Disseminate
I am doing some security research on an application and I am wondering where it is based on.
It appears to be changing each request (so not bound to a user session). Is it just a random value, which should exists within the system or even … Continue reading Where is the .NET __RequestVerificationToken based on?
Microsoft today released security updates to fix at least 117 security holes in Windows computers and other software, including two vulnerabilities that are already seeing active attacks. Also, Adobe plugged 52 security holes across a range of products, and Apple has addressed a bug in its new macOS 15 “Sequoia” update that broke many cybersecurity tools. Continue reading Patch Tuesday, October 2024 Edition
I am having a small .NET console application that the user launches on its local machine, passing a path argument to which the application is writing a file.
Can this be considered a path traversal vulnerability?
I was thinking this is not… Continue reading Is path traversal a valid vulnerability valid for a windows desktop application?
I have asked this already on Stack Overflow, but got a suggestion to ask in this community too.
I’m working on implementing an XML encrypting / decrypting application in .NET with support for ECDH-ES because clients will use EC key pairs t… Continue reading Is XML Encryption 1.1 Key Agreement test cases decryption possible in .NET? [closed]
I implement a .NET application that has a HTTPS API. A website makes requests to my HTTPS API. The website has a login page and other features.
Do I show a Captcha on the website if a new session is created? Do I show a Captcha on the webs… Continue reading Best timing/safest way to show Captchas on a website?
I implement a server application in .NET. I just want to know which security headers I need to set if I use HTTPS. I know about the HttpOnly and SameSite Cookies. OWASP has a recommendation HTTP Headers Cheat Sheet but do I need every sing… Continue reading Which security Headers for HTTPS?
I try to implement a secure user login in my .net application. The first password is hashed with argon2id. The salt and the hashed password is stored in a database. SSL encryption and HttpOnly Cookie is used.
Now i want to add a multifacto… Continue reading Whats the safest way to store 2fa/mfa secret key in database?
I read that a password and a salt needs to be combined and then hashed. You save the result and the salt in plaintext. Is it a good practice to use the username as a salt? Why and why not?
I also read that good practice is that you need to… Continue reading Whats the safest way to store a password in database?
Last night, Microsoft delivered its sixth preview version of .NET 9 ahead of the platform’s public release.
The post .NET 9 Preview 6 is Now Available appeared first on Thurrott.com.
Continue reading .NET 9 Preview 6 is Now Available
I am trying to understand under which circumstances CVE-2024-38095 applies. When reading the advisory (https://github.com/dotnet/runtime/security/advisories/GHSA-447r-wph3-92pm), one finds the following statements:
Affected software: Any … Continue reading Understanding how to correctly migitate CVE-2024-38095