Script VS SSL
Script error confuses the SSL. We are finalizing an ASP.NET application with Visual Studio 2012 and Framework for asp.net 4.0; Comodo Essential SSL and the project is operating in...
IBM App Scan - Session Not Invalidated After Logout
Hi, After running IBM appScan we received an issue - "Session Not Invalidated After Logout". Any idea or suggestion on getting rid of this issue? Thanks.
Cross Frame Scripting Vulnerability
We had a third-party security audit and they found a bunch of things that needed to be corrected. We fixed all of them, except for one. They claim we still have a problem with Cross Frame Scripting...
Securing Upload folders
Hello, We have a folder on a server where we allow the user to upload a document from the web page. Currently 'Everyone' has permissions to access this folder. Is there a specific account that can be...
Website Hacking
I have created and managed an asp.net website using C# through Visual Studio 2010 of our church denomination last year. After a few months it was hacked but the hacker does not seem to interfere the SQL...
Authentication using Mobile number
I am in the process of developing web API (ASP.net) for a mobile app. The app wants to do authentication based on mobile number. My idea is: The user registers using his mobile number (An API will be...
Vulnerability (XSS)
I have a simple website form that takes users' input and saves that to a database (e.g., names and email). Very basic information. Recently, it fails Vulnerability scan and I am not sure what the...
How does hacker create account with admin privileges?
My asp.net site was hacked last week. I found a user I never put there that had administrative privileges, which I am pretty sure is how the site got sprinkled with a number of asp. php, and...
WCF Security
Hi all, I'm not sure if this is the appropriate forum for my questions but here goes. Suppose I have an app that uses WCF to send and receive text messages and image files across the web, and the...
Group based Authentication through Active Directory - restrict access to...
The code below works with my AD account groups and the login page goes to the page I need (mysecurepage.aspx) after I login using the username and password from the AD group. However, I'm having a bit of...
Receiving errors for a domain I don't control
I have my site set up to email me whenever an error happens, and recently I've been getting an occasional blast of about 50 notifications (once every day or two) about a page not found error, but the...
Strange IP Addresses and Service Providers
In my analytics, I'm seeing hits to my websites. Many of them are government IP addresses such as the DOD (Department of Defense). I also have this information that I don't understand [ipv4 address block...
System.Security.SecurityException when setting .NET Trust Level to High
Hello, I am getting System.Security.SecurityException when setting .NET Trust Level to High in IIS (version 8.0), please refer to below screenshot for further error details. I am using .NET framework...
URI Format not supported. The remote server returned an error: (401)...
Hi, I want to download the document from below mentioned URL. When I try to download directly in the IE URL, it will be asking username and password credential to open the document. But, when I try to...
Remove Server information from HTTP header response?
How to remove Server information in Http header programmatically? I don't want to use Urlscan or any other tool. In Global.asax file Application_PreSendRequestHeaders event I have below...
Deny access to upload folder to unauthorized user to access files in upload...
Hi, I have upload folder to upload document, but if user knows the URL of document he is able to access without login in web application. Can it be possible to deny user to access it? Note: there is no...
Microsoft.Security.Application.Sanitizer.GetSafeHtmlFragment is not removing...
Hello, I need to remove img tag also from GetSafeHtmlFragment function but it's not removing. Does anyone have idea how to remove the img tag? Is there any whitelist or black list? Can we make our...
How to run security checks on your mvc .net website
How do you run security checks on your mvc .net website to check for possible hacking loopholes?
Search for a word in encrypted text
I use TripleDes and Cryptography in C# to encrypt my text and then save it in a database. Now I want to be able to search for a single word in that encrypted text in the database. I thought that if I...
Header Manipulation
protected void exportToExcelGv(object sender, EventArgs e) { string FileName = "\\" + System.Configuration.ConfigurationManager.AppSettings["DocuDir"] + "\\FXExposure_" + ddlFund.SelectedValue +...