Using AntiXSS on store and read from db redundant?
Is there any point to pass information read from a db through AntiXSS filters if the only way they could be saved to the db in the first place was going through an AntiXSS filter? I have dynamic pages...
Access denied Redirect
Hi, I have a folder called reports. I set its security through "asp.net Configuration to deny * users but allow user AAAA. When user BBBB tries to access this folder, BBBB gets redirected to the...
JavaScript Hijacking
Hi, I audited my application by a security software. And it gets "Javascript Hijacking: Vulnerable Framework" warning in my <asp:ScriptManager> block <asp:ScriptManager ID="ScriptManager1"...
Security update MS11-100 breaks page output caching (Refer: KB2656351)
Environment: ASP.Net 4.0, IIS 7, Windows Server 2008 SP1, 64 bit Operating system. In our ASP.Net application, we are adding cookies to HTTP response in Page_Load() event using the following code...
How Discovery vulnerability
Hello, everybody! Want Consult Everybody, How Discovery And Learning vulnerability? Request Answer! Thank you
folder browser not working with client
Hi experts, I download folderbrowser.dll (Shellfolderbrowser, CP.windows.foms) and add in my application that's working fine in my machine but when I host the same it's not working in the client machine...
What should I know about security?
Hi everyone, I am in the process of developing a subscription based website and use asp.Net's membership as the control over authenticating and logging in users to the members area. However, having...
Not able to access a folder from a web application and able to access it...
Hi, I have a web application. In that we can upload a file to a location in two ways. 1. We have a Fileupload control from which user can upload a file to a location (eg: \\testmachine\share) which is...
asp.net WebForms Ajax Recaptcha .Validate() is always returning false
I used this exact same technique before and it always worked. For some reason when I'm doing this now the isvalide is always returning false. Can anyone explain this? Any help would be great. Every...
Does ScriptResource.axd pose SQL Injection or other vulnerabilities?
IBM security scanning tool AppScan reports SQL injection vulnerability because of the "t" parameter to the ScriptResource.axd. Is there a justification from Microsoft that ScriptResource does not...
how safe are session cookies?
I have a website where I store an ID from a database table in a session variable. That ID in turn gives access to private data to each user. Now my question is, how easy is it to steal or tamper with...
Security measures
Hi all, I heard that there is a way to block print screen function and every function on the keyboard such as copy and paste. May I know how do I do that in my project? Means the users will only be...
Security for a forum
We a small community members make a small community website just like this forum. We first of all make a PSD theme and then convert it to a CSS theme and developed with ASP .Net and now it's working...
ASP.Net cookies
I have enabled the secure flag for cookies by adding <httpCookies requireSSL="true" /> under system.web. So all the generated cookies must have secure flag. Do I need to have more settings for...
AppLocker cannot extract publisher information from signed Assembly
Hi, Our customer is using AppLocker to set rules on which executables can be run on the computer. When the customer specifies a particular executable, he got the following error: “the publisher...
Question about proxies (server, port, etc)
Sorry guys, just trying to get my head around these things. Basically when my app is making a web request from another site and I have to set the proxy server name, username, password and port, does...
How to check my site is Vulnerable?
Hello, This week I launched a website. I know that site is vulnerable. I'm not expert in this section. Please help me to trace site problem. Best regards, ehsan
Partial ASP.NET trust levels best security practice
I am currently updating the CIS IIS (and ASP.NET) benchmarks. Around I am reading constant confusing to misleading advice around partial trust. Most of this seems to relate...