Would IIS cache security setting?
HiI have an application that is using window authentication. I have enabled Windows authentication to the default web site and also my app.When user access to my app, it will by pass my login screen...
View ArticleUnable to connect to webservice in the server
Hi All,My webservice has been hosted in my server. I am able to access it from my local machine by giving the link in internet explorer.But when i tried to acces the webservice from the application, i...
View ArticleAsp.Net IT security issues.
Dear All,One of my client to whom I have given asp.net web application and is hosted on HTTP in Abbys server, while going through the IT security check they provided me the list of issues in...
View ArticlePlease help in validating excel file upload
Please help in validating excel file upload. I have done coding for uploadation of excel file, and i want to validate whether the file is really a excel or not . I have also checked by renaming an...
View ArticleASP.NET MVC AntiForgeryToken not bound to Session and does not have integrity...
I have been developing a web application where security is one of the highest priorities. We have been using the MVC built in AntiForgeryToken to prevent CSRF attacks. So far we have believed that it...
View ArticleCheck File Type
Im trying to check if a user actually uploaded a picture or some other junk like batch or who knows.I read on the forum that you must check the extension however the user can easily change .exe to...
View ArticleHashPasswordForStoringInConfigFile
What is an alternative to HashPasswordForStoringInConfigFile?First deprecated in the .NET Framework 4.5.The recommended alternative is to use the System.Web.Security.Membership APIs, such as...
View ArticleMaxHttpCollectionKey issue
Hi, I am facing an error while page post back which says"Opertaion Invalid due to current state of an object". When I set the value of maxhttpCollectionkey to 5000 it allows some more data rows to be...
View ArticleIs ASP.NET Padding oracle Vulnerability still open on IIS 8 and .NET...
As per my question title I am wondering if this vulnerability is still open as I am using Acunetix to test my applications and it keeps complaining about the vulnerability. I have implemented all the...
View ArticleClik here to view.
my website is always attacked
i have website configured to send me emails when it generates and errori get tons of error messages<div class="iw ajw">to me</div> <div class="ajy"></div> <div...
View ArticleWebmail Helper Hacked? (base64 encode tampering)
Hi all,I have been using the webmail helper recently but have noticed a number of "spoofed" IP's posting (testing holes?). The strange thing is I am using the anti forgery token as well as html...
View ArticleDigitally Sign Web Form Data
Hi, I am in a project in which I have to get data from the user through webform and submit it to the server after attaching the Digital signature from the user.Can anybody help me, how to digitally...
View ArticleIs my application secure?
Hi everyone,The security ofweb applicationsis a hot topic last months. I want to test my application for security issues like:- Cross-Site scripting;- Cross-Site request forgery;- See for more security...
View ArticleHow to send encrypted value of a textbox from client end to server end using...
While sending password value from client side to server side i need to encrypt textbox value using javascript and receive that encrypted value in the server side. Here in the link...
View ArticleHttp Referer Validation
We are using Page Refererlike thisHttpContext.Current.Request.ServerVariables("HTTP_REFERER")but this code working properly in IE only we need multi browserThanks in AdvanceMaheswaran Sankarappan R
View ArticleEncrypted SAML token from ADFS
I need your help on how to configure the MVC application so it can accept the encrypted SAML token return by ADFS.As background, I use ADFS as an identity provider in MVC web app and it works well...
View ArticleWindows authentication with custom user/role tables
Im getting ready to start a new web app and will be using windows authentication. I dont want to use the membership schema, and already have set of sql tables that have users and roles to check who is...
View ArticleIs this security vulnerability or any attack by hacker?
I've written error handler onto my site which send me a mail when error occurs. I have hosted my site on shared hosting.I often get this message:P3NWVPWEB006 Error...
View ArticleEventLogProvider exception IIS7
Hi Friends,we are working on asp.net 4.0 , windows server2008 R2 and we configure our application in IIS7 with windows authentication,From one week we are faceing this same issue EventLogProvider...
View Article