Hi,
I am working on ASP.NET ,AZURE.
We have deployed our website on AZURE Web App and run the OWASP tool to check for security issues.
It gives the exception on Anti CSRF Tokens Scanner and Source Code Disclosure - File Inclusion
For
1 ) Anti CSRF Token - We have used ValidateAntiFurgeryToken with HTTPPOST, but using this also OWASP gives the exception.
2) Source Code Disclosure - File Inclusion - gives exception as
The source code for the current page was disclosed by the web server on
URL: URL/Fonts/(fuzwqe55k3i2bi3axm21yq55)/
Parameter : __ID__
Attack : ../
Here We dont know how that attack happens in Fonts ?
Please suggest how to resolve Anti CSRF Tokens Scanner and Source Code Disclosure - File Inclusion.
Regards
Uday Mahajan