Implement AntiXssMiddleware in .NET Core Web [closed]
Can anyone explain how to implement AntiXssMiddleware in .NET Core Web in a step by step manner?
Continue reading Implement AntiXssMiddleware in .NET Core Web [closed]
Category Archives: net
What to look for inside web.config? [closed]
SCENARIO:
I was testing a website and trying wget https://website/path.zip instead of https://website/path I was able to download the entire website source code.
I’m new to ASP.NET and related. I only know that web.config is a sensitive fi… Continue reading What to look for inside web.config? [closed]
What tools exist to integrate a open source secrets detector into a deployment pipeline and Github? [migrated]
There are a number of open source secrets detectors that run via CLI. (Gitrob, trufflehog) However, is there a good way to integrate these that they run on a per PR basis? The use case here would be alerting a developer that they’ve commit… Continue reading What tools exist to integrate a open source secrets detector into a deployment pipeline and Github? [migrated]
How to save .Net Application from TOCTOU
Just read about TOCTOU vulnerability and upon examinnig my application was doing the same as upon login all his roles are fetched then saved in session so that user will have access to all these roles until he log out and login again , Ple… Continue reading How to save .Net Application from TOCTOU
How to save .Net Application from TOCTOU
Just read about TOCTOU vulnerability and upon examinnig my application was doing the same as upon login all his roles are fetched then saved in session so that user will have access to all these roles until he log out and login again , Ple… Continue reading How to save .Net Application from TOCTOU
Disassemble and debug dynamic generated code executed via delegate in c# [migrated]
I’m trying to reverse engeneer a malware using dnSpy that at some point do this:
delegate IntPtr H7IREAEBYY(string path, IntPtr data);
byte[] array = new byte[]
{ 233, 151, … }
IntPtr value = IntPtr.Zero;
IntPtr intPtr = W47PO0I… Continue reading Disassemble and debug dynamic generated code executed via delegate in c# [migrated]
Bypass Request validation ASP. NET 4.0.30319
I’m testing a web app which responds with this HTTP header
X-Asp-Net: 4.0.30319
The event register validation is enabled, so If I try classic payloads like <script <img, etc, they are blocked.
I tried also the payload shown here
How… Continue reading Bypass Request validation ASP. NET 4.0.30319
Four ways to check .NET Framework version installed on Windows 10 PC
For the most part, you don’t need to worry about the version of .NET installed on your…
For more visit TheWindowsClub.com. Continue reading Four ways to check .NET Framework version installed on Windows 10 PC
Secure an intranet Winform application
Is there a need to secure winform application in an intranet environment? Clearly, there is no external threat and only authorized personnel have access to the intranet environment, so I am not sure if there is a need to secure it. Unless … Continue reading Secure an intranet Winform application
Can a client application volunteer to send a certificate?
When testing our c# application with a service from a new supplier our request was denied because the client certificate was not send.
Network traffic with a service where our application is known to work with shows us this:
Client Hello
S… Continue reading Can a client application volunteer to send a certificate?