Is my application secure?
Hi everyone, The security of web applications has been a hot topic in the last months. I want to test my application for security issues like: - Cross-Site scripting; - Cross-Site request forgery; - See for more security...
How to send encrypted value of a textbox from client end to server end using...
While sending the password value from client side to server side I need to encrypt the textbox value using JavaScript and receive that encrypted value on the server side. Here in the link...
Http Referer Validation
We are using Page Referer like this: HttpContext.Current.Request.ServerVariables("HTTP_REFERER") but this code is working properly in IE only; we need multi-browser. Thanks in advance, Maheswaran Sankarappan R
Is the acunetix perfect for Vulnerability scan?
Hi, I am going to check my site's security issues with Acunetix. Am I on the right track? I found out about Acunetix on the www.Acunetix.com website. Really appreciate
X-Frame-Options
Hi, I'm configuring X-Frame-Options in the response header of IIS for an ASP.NET application. The application gets blocked if access is attempted from another app, but the actual application (real app) also...
Invalid value for 'encryptedTicket' parameter problem with Chrome Version...
We are in development of a web application and this error suddenly happens on my boss's PC, and we do not know how many users are getting this error and are worried. So please help. My machine works...
Did MS11-100 add default Response headers?
I happen to have screen grabbed the response headers on our asp.net 4/IIS 7 website late December for a security audit. Today, I noticed they are different, a couple of new headers were added...
ASP .NET MVC C# recommended code solution fix for a Web Inspect HP Fortify...
I have been trying to find a code repair for a Web Inspect HP Fortify report class II finding. I have a case where the IA error, Information disclosure vulnerability has been caused by poor error...
ASP .NET findings and solutions guides
I have been looking for some type of ASP .NET security vulnerability issues and recommended code modifications documentation but have not found any detailed documentation. Has anyone found such...
Security issue reading xml file sent as attachment
In my project I receive emails with XML attachments; I read these attachments and insert relevant information into the DB. (myxmldocument.SelectSingleNode("/info").InnerText) Which security precautions...
Preventing security vulnerability CAT II STIG but allowing the MVC to log...
I am creating an application that needs to allow exceptions to be rethrown so that my Global.asax Application_Error(object sender, System.EventArgs e) routine can write each exception to the log file,...
Password between server and client is being passed in clear text or not
Could you guys please check this URL and let me know whether the password between server and client is being passed in clear text or not? Or could you please tell me the name of the tool, by using...
File Uploader giving HTTP Error in Firefox
Hi, I am doing a project in MVC and using a file uploader to upload an image. The image uploader is working fine in Chrome but fails to work in Firefox. I have installed Flash, Java plugin and Shockwave but...
How to create a generic Oracle/SQL error messages in .NET
Hello: I have a bunch of .NET applications on the intranet website. I need to create a generic error message when an error occurs, due to security concerns. How to create a generic for...
How to implement Asp.net membership in my developed web application
Hi all, I am working on a web application. I have already completed it. But when I went through a security audit, I came to know that I should use asp.net membership for login, password change,...
Encoding password sent to MVC web service reports vulnerability issues
We are using the code below to pass a user password to an MVC web service, encoding its value. The problem is that when we run an HP Fortify web scan on the application we are getting "password management...
Password is still in plain text
Hi all, In my web application, I am creating users using the (MD5 and salt) technique. Once the user is created I log in with the same user id. The password should not be in clear, for that what...
Deployment
Hi everyone, I am deploying my site in the traditional asp.net way: publish the code, then deploy that code on the server. My issue is: when I publish the code it's creating DLLs of the files. There is security concern...
DOM-Based Cross-Site Scripting
I am not very familiar with DOM-Based Cross-Site Scripting but have been informed that the following lines of code (taken from a .js file) below are leaving my site vulnerable: document.write("<PARAM...
Rfc2898DeriveBytes for password hash not allowing for a longer Encryption Key
I have been using this Rfc2898DeriveBytes encryption method with success. The Encryption key is exactly 15 characters. Now my boss wants me to make the Encryption Key three times longer. I have...