How to handle character count while using HTMLEncode-Decode
Hi All, We have one web form having many textboxes. Each is having some character limit as per business needs. To handle Cross Site Scripting, we are using 1) HTMLEncode - while fetching data from user...
vulnerability from advertisement content
asp.net.4 website client supposed to post the server a script code.. an advertisement content.. including html js css flash.... so and so.. how to protect from vulnerability? is there a dll that scan for...
OWASP tool exception Cross-Domain Misconfiguration
Hi, I am working on ASP.NET, AZURE. We have deployed our website on AZURE Web App and run the OWASP tool to check security issues. It gives the exception on Cross-Domain Misconfiguration, for the...
OWASP tool exception Anti CSRF Tokens Scanner and Source Code Disclosure -...
Hi, I am working on ASP.NET, AZURE. We have deployed our website on AZURE Web App and run the OWASP tool to check for security issues. It gives the exception on Anti CSRF Tokens Scanner and Source Code...
Javascript Hijacking Vulnerable Framework
Hi, We use HP Fortify to audit our application. We get hundreds of "Javascript Hijacking: Vulnerable Framework" warnings with regard to the <asp:ScriptManager> block...
Protecting a URL having parameters
Dear friends I am working with the QR code, the scenario is QR Code is containing the url, while scan with the QR code scanner is redirected to the url having certain parameters passed in it to...
How to upgrade to AntiXSS 4.3
When ASP.NET 4.5 was released, AntiXSS 4 was included in the Framework. Since then, AntiXSS 4.3.0 is the latest release. (Yes, I know it is no longer being developed etc.) How does one go about upgrading...
Stop reverse engineering
Hi, I have an application in mvc. I want to protect it so that no one could reverse engineer its dlls or if possible then want a some kind of encryption after reverse engineer. I also want to hide my...
cross posting/accessing direct url
Hi, I am developing an application in MVC. I want that no one could cross posting (means unauthorized person can give the direct url and open the application). I want to use something like antiforgery...
Transferring Confidential Data Files From One Network (location) to Other
Dear Folks, I have a scenario where there are multiple operators (companies) reporting to one parent company (you can assume it as a different company altogether). Now, the operators have their secured...
entityframework security
Hi asp.net, I have a question about EF security. Are there any SQL Injection concerns with EF? If not, what are the security concerns with EF? Thanks kourosh
System.Security.SecurityException when setting .NET Trust Level to High
Hello, I am getting System.Security.SecurityException when setting .NET Trust Level to High in IIS (version 8.0), please refer to below screenshot for further error details. I am using .NET framework...
Http tag Cache-Control contains public for WebResource.axd
I am required to fix a vulnerability in my web application wherein the Http tag Cache-Control contains value public for WebResource.axd. I do not know what exactly needs to be done to fix it; probably I...
cannot find certificate local machine root store even after granting access...
hi all, I have installed a certificate that has to pass into a httpwebrequest to access a third party API.. so I have installed certificate into local machine root store and granted access to IIS...
Run asp application in secured https localhost with visual studio 10...
Hello, I want to run my application with secure https connection in localhost without any IIS configuration. I am using VS inbuilt development server. How I can achieve this? Currently, it is running...
My Local IIS not able to authenticate other projects hosted on Local IIS
Hi team, I am facing strange scenario for me where, I have a solution with three Projects. My project goes Like this. I have to Login from Home Project and I am authenticated and authorized to go to...
Cross Frame Scripting Vulnerability
We had a third-party security audit and they found a bunch of things that needed to be corrected. We fixed all of them, except for one. They claim we still have a problem with Cross Frame Scripting...
Website Hacking
I have created and managed an asp.net website using C# through Visual Studio 2010 of our church denomination last year. After few months it was hacked but the hacker does not seem to interfere the SQL...
Authentication using Mobile number
I am in the process of developing web API (ASP.net) for a mobile app. The app wants to do authentication based on mobile number. My idea is The user registers using his mobile number (An API will be...
Vulnerability (XSS)
I have a simple website form that take users' input and save that to a database. (e.g., names and email). Very basic information. Recently, it fails Vulnerability scan and I am not sure what the...