ASP.NET MVC AntiForgeryToken not bound to Session and does not have integrity...
I have been developing a web application where security is one of the highest priorities. We have been using the MVC built in AntiForgeryToken to prevent CSRF attacks. So far we have believed that it...
Is my application secure?
Hi everyone, The security of web applications is a hot topic last months. I want to test my application for security issues like: - Cross-Site scripting; - Cross-Site request forgery; - See for more security...
How to send encrypted value of a textbox from client end to server end using...
While sending password value from client side to server side I need to encrypt textbox value using javascript and receive that encrypted value in the server side. Here in the link...
Http Referer Validation
We are using Page Referer like this HttpContext.Current.Request.ServerVariables("HTTP_REFERER") but this code is working properly in IE only; we need multi-browser. Thanks in advance, Maheswaran Sankarappan R
Any good tutorial to implement Identity without Entity Framework.
I am new to this and would love some tutorials on how to implement Identity without using EF. If I implement my own UserStore do I need Entity Framework?
AppLocker cannot extract publisher information from signed Assembly
Hi, Our customer is using AppLocker to set rules on which executables can be run on the computer. When the customer specifies a particular executable, he got the following error: “the publisher...
Question about proxies (server, port, etc)
Sorry guys, just trying to get my head around these things. Basically when my app is making a web request from another site and I have to set the proxy server name, username, password and port, does...
How to check my site is Vulnerable?
Hello, This week I launched a website. I know that site is vulnerable. I'm not an expert in this section. Please help me to trace the site problem. Best regards, ehsan
Get unique MAC address of client machine via Browser
Hi All, I want to "Get unique MAC address of client machine via Browser" to restrict client to login into website only on single machine whose MAC address has Login rights. It should not allow user to...
Page access for different Roles using Custom role provider
Hi All, In my project we should allow the page depend upon the roles. We are having 4 different roles: 1. Admin 2. Manager 3. Supervisor 4. Accountant. The accountant is having access for only 4 pages. All...
How to implement AppHarbor.Web.Security module into asp.net webforms...
Hello devs, I am developing an asp.net 4.5 web forms application. For that I have my own user’s data tables in my MSSQL DB and am using entity framework 4 for my DAL. Now I want to use...
remove require ssl only from one page?
hi, as you can see in below link http://www.sslshopper.com/iis7-redirect-http-to-https.html in ssl Settings section in iis there's require ssl checkbox that we force whole website be https could we set...
Session/Authentication not removed server-side after logout
By doing a security review I noticed that authentication (.ASXP) and Session (ASP.NET_SessionID) were removed from the client using a standard set-cookie header. But, if those headers are suppressed,...
JSON XSS Exploit
I read this great article at http://www.microsoft.com/en-gb/developers/articles/week02feb14/defence-mechanisms-in-asp-net-that-protect-against-cross-site-scripting-attacks The article details how...
Preventing theft of my web-application installed in LAN of client computer
I have made a web-application for a company. It uses SQL server at back end and it is coded in ASP_C#.net. Now I will have to install the software in the client's LAN. Such that all the departments of...
SQL Inject/ Blind Injection
Hello: The agency scanned the application and found out the automatic email that we send to our customers contains a link that is vulnerable to sql injection or blind injection. This is the link in the...
Signing JSON Web Token (JWT)
Hi, I would like to create a signed JSON Web Token (JWT) without using an X509 certificate. I would appreciate any help on how to do this using WIF. Thanks!