How to fix Cross-Site Scripting: Persistent issues
Hello, there is a software called Fortify that scans my web code pages and reports that the code below is vulnerable to Cross-Site Scripting: Persistent. I am not sure how to go about fixing it. Any ideas?...
Securing EDMX Connection String in Web.Config
Hi, we have generated the ConnectionString in web.config using EDMX Design Model from Sql Server, and how to encrypt or protect the Sql DB Credentials within the Connection String of Web.Config file.
How to prevent POST and GET parameters collapsed into a single collection in...
I have an asp.net webforms application (.net framework 4.5) running on client's server. A recent security audit indicates that the application collapses the POST and GET parameters into a single...
Same auth cookie send to different users
Hello, first I want to apologize for sending a new question in Visual Studio General Questions. But I cannot see ASP.NET forum. I would like to ask you if there is someone who solved problem with auth cookie....
asp button with single click and not multiple clicks
I have a "next" button which grays out after clicking next so the screen reader reads "NEXT IS DISABLED". How can I disable "NEXT IS DISABLED" from screen reader? I tried aria-hidden=true or...
Forms Authentication cookie is expired too soon
We are setting auth cookie as follows: var authTicket = new FormsAuthenticationTicket ( 1, principal.Email, DateTime.Now, DateTime.Now.AddMinutes(1200), false,...
Column encryption as part of vulnerability scanning of ASP.Net project
My project has to be scanned by software called 'Checkmarx', and it lists out vulnerabilities and how to fix them. One of them is "Missing_Column_Encryption" and...
JQuery.Unobtrusive-Ajax.js detected as JavaScript Hijacking: Vulnerable...
Hi, I'm using JQuery.Unobtrusive-Ajax.js for our MVC apps. It makes development faster and easier. But when we're doing security scan (OWASP) using Fortify, it detected as a low vulnerable on line...
C# Aes Crypto implementation to Javascript
I have a Rijndael based C# code. I try to encrypt in C# Rijndael and decrypt in JavaScript (CryptoJS). But I can't match the encrypted values. I try lots of things but nothing worked. Here is my C# code:...
Dot Net Core 2.2 Sign Out issue
Have .Net Core 2.2 MVC application and integrated with Azure AD for userAzure AD. User authentication and sign out is working as expected. But if we copy the cookies AspNetCore.AzureADCookie,...
Insecure Transport Vulnerability (LUCKY13 - Potentially vulnerable and BREACH...
I am working as a full stack developer. Following vulnerability reported by our security team. Environment - IIS 7, ASP.NET Web Pages, ASP.NET MVC, .NET framework 4.6. Any hint or resources to address...
Which user account to use
Hello there, in my .net MVC web application, users can upload and download files. The web application runs on ServerX but since it doesn't have enough disk space, the uploaded files are stored in a...
jquery directory not found when these response.headers are in code (in prod)
Hello, I am using .NET Core 2.2 - MVC Framework. I had put this security code which works well in dev, but in prod it does not seem to read the jquery lib and throws off the whole page. If I remove it,...
Microsoft IIS ISAPI Extension Enumerate Root Web Server Directory Vulnerability
Hi All, we are having "Microsoft IIS ISAPI Extension Enumerate Root Web Server Directory Vulnerability" in one of our servers. Could you please let me know what is the solution to fix this issue? Thanks.
Search for a word in encrypted text
I use TripleDes and Cryptography in C# to encrypt my text and then save it in a database. Now I want to be able to search for a single word in that encrypted text in the database. I thought that if I...
WAF is blocking ASP.NET website due to Scriptresource.axd
ASP.NET (Framework 3.5, IIS 8.5, Windows Server 2012R2) with Ajax control toolkit is being blocked by WAF (Web Applications Firewall). Following is the screen shot from WAF. These are signatures from...
Your connection is not secure. in Firefox and Chrome
Dear all, I have marked my project as SSL enabled to true, added certificate provided by Microsoft. Then in MMC, under computer account, I imported this certificate from Personal to Trusted Root...
How to prevent Cross-Site Scripting (XSS) in ASP.NET Core?
There is a link for preventing XSS in .Net Core 2.1. It uses some code like below which I don't understand at all. services.AddSingleton<HtmlEncoder>( HtmlEncoder.Create(allowedRanges: new[] {...
how to encrypt and decrypt password in asp.net while using MongoDB??
I'm making a login page with MongoDB as database, but I am not understanding how to encrypt and decrypt password. Can anyone help??
Configuring ASP.NET Core Data Protection to a Service rather than a DB?
The environment in question is the classical setup where the website is in a DMZ and can only talk to RESTful web services behind the DMZ. Add to that the DB is NOT MS SQL, it is Oracle. Are there...