Learning ASP.NET Security Vulnerability programming
I am new to repairing security vulnerabilities in ASP.NET code. Can someone give me links to on-line reference material where someone new like me can learn the process?
Preventing XSS attacks to dynamically created DOM webpages and dynamically...
I have read the following article: https://msdn.microsoft.com/en-us/library/bb355989.aspx Now this article allows me to understand XSS vulnerability defense to a webpage that is statically made up of asp...
please give me ex of each one of route url
Hi all, the following lines are from Professional ASP.NET 4.5. I understand the first example, which is of controller; please give me some code of the other two so that I can understand. TABLE 34-2 ROUTE URL...
CSRF question
I am investigating a CSRF finding in asp.net c# code behind as shown in the following code: LinkButton LinkButtonControl = new LinkButton(); LinkButtonControl.ID = Name; Now, I feel that the following...
list all the roles the user is in
When a user opens my web app, I want to list all the roles the user is in. How do I extract roles from HttpContext.Current.User? I am able to check if the user is in a role with...
cross site scripting issue with javascript code behind
We have scanned our site for vulnerabilities. We received a warning message on this code ("StaticPostBackScrollVerticalPosition") for potential cross-site scripting. What needs to be changed to fix this...
Access Denied when using ASP.NET to run PowerShell
Hi, I am writing a PowerShell / ASP.NET application to enumerate, disconnect, and log off a user's Terminal Server sessions. I can enumerate them just fine, but I am receiving an Access Denied message...
how to make sure user would not be able to browse directly to that page in the URL
how to make sure user would not be able to access the aspx page directly by manually entering the url but only through the application. I tried using url.referrer but as I am using server.transfer it...
Dangerous code detected on production server only with htmleditor extender.
I'm a bit baffled. I've got all prerequisites configured and working correctly with my htmleditorextender meaning. 1) Sanitization providers correctly installed, referenced with dlls ext. 2) latest...
can google webmaster tools find malware in pages that are password protected?
I use membership security for my website (yes, I know it is outdated, but I had too much trouble updating it), which means that various folders in the site have a web.config file in them, that...
Microsoft.Security.Application.Encoder.CssEncode how to read result?
hello asp/net.4.webForm using Microsoft.Security.Application.Encoder.CssEncode. string s = "background-color: rgb(165, 42, 42);" , s2 = Microsoft.Security.Application.Encoder.CssEncode(s); // s2 result =...
Using AntiXSS on store and read from db redundant?
Is there any point to pass information read from a db through AntiXSS filters if the only way they could be saved to the db in the first place was going through an AntiXSS filter? I have dynamic pages...
accessing a webservice both from asp.net and from a program
I have a webservice on my website. I also have a stand alone program that people can download from my website, to interact with the webservice. The webservice writes to a database, and my website...
in server - how Sanitize json comes from ajax
hello net.4. web form - web method; in server - how Sanitize json comes from ajax? I need to strip all html tags and to validate it's a valid json. (at the server I parse the json to dynamic and then to...
the user under which web service should run
Hi, Setting the user under which a web service could be called, to anonymous, while setting the internal impersonation to an elevated user, could technically work nicely, but this way any user could...
Print to network printer fails from IIS 8 web application
Hi All, I am stuck with an issue printing a crystal report to network printer on IIS8 (Windows server 2012). Printer Queue shows up information on document is being spooled -> printed -> Deleting...
Using X509Certificate2 to get PrivateKey causes CryptographicException...
Hi, everyone, I am developing a web application that uses X509Certificate2 to get a private key from a certification file. Code snippet looks like following: public static RSACryptoServiceProvider...
Custom Error page not loading
When I have custom error turned on for my site, and then try www.domain.com/robots.txt..// , it errors out to an error page which says Server Error in '/' Application. Runtime Error Description: An...
Security Audit
Hi, We've been working on a public-facing ASP.NET application and we're thinking about getting a security audit done on the app. Can anyone make any suggestions as to whom we should hire for the audit?