Dangerous Request.Form with no source
Hey all,I am having a difficult time figuring out the reason behind this error message in IIS.There are a number of errors coming in, daily, reporting things such as the following:Type :...
View ArticleClik here to view.
Authorizing client script on a DataList
Hello everybody,Please tell me if this is not the good forum, I have difficulties to authorize client script in a user component when it is displayed on a DataList.To be more precise, I wrote a user...
View ArticleASP .NET Visual Studio HP fortify and web scan fourms sites
I have searching for HP fortify ASP .NET scanning sites but am unable to locate any. Does anyone know of any good sites?
View ArticleIs this security vulnerability or any attack by hacker?
I've written error handler onto my site which send me a mail when error occurs. I have hosted my site on shared hosting.I often get this message:P3NWVPWEB006 Error...
View ArticleFormAuthentication cookie hacked!!!
Hi All,Formauthentication cookie hacked on my production site. Please suggest me.1. In web.config file, I am using below:<forms defaultUrl="home.aspx" loginUrl="default.aspx" name="EncCk"...
View Article2990942 MVC Security Update not for Server 2012?
This came through Windows Update a couple days ago: https://technet.microsoft.com/library/security/ms14-059I updated my mvc app to use the new version in the gac, but now I publish my app to a Win...
View ArticleRisks of using Client side coding in ASP.NET
What the risks of using Client Side coding in ASP,NET, I mean by client side (HTML, Web API Storage, JavaScript and its libraries, JQueryand its libraries, JSON ... ). I read some articles talking...
View ArticleFormAuthentication cookie hacked!!!
Hi All,Formauthentication cookie hacked on my production site. Please suggest me.1. In web.config file, I am using below:<forms defaultUrl="home.aspx" loginUrl="default.aspx" name="EncCk"...
View ArticleASP.NET web application request is intercepted with Burp Suite Tool and modified
Dears,Security Team had found issue on ASP.NET Web Application request modified with burp Suite and request intercepted and posted to server.Due to there is security threat on web application.Please...
View ArticleSecuring the Cookie over HTTPS
hi,i have secured my site using SSL configuration with HTTPScould anyone please help me out on how to write the code or do configuration for "securing the cookie flag"Thank you in Advance.
View ArticleGoogle reports server hacked
Hi,I have a site that was written about 7 years ago in ASP.NET 2 which was recently the target of a compromise where the hackers dumped lots of HTML files on the site. After spending some time looking...
View ArticleSecure ASP.NET_SessionId
hi,how to secure the flag ASP.NET_SessionId in asp.net application. Please provide proper configuration steps or code changes i would like to see the Secure flag to be true for "ASP.NET_SessionId" in...
View ArticleCORS does not appear to be working
Hi,I have a Web.API hosted in my local IIS as http://smt_api/ in the WebApiConfig.cs I have put config.EnableCors(new CorsPolicyAttribute()); in the Register methond and added this class:using System;...
View ArticleWhat anti forgery token does?
i like to know briefly What anti forgery token does ? and what kind of security it provides?thanks
View ArticleForms Authentication quit working through reverse proxy.
Hello - I am in the process of creating a secure login that will server multiple applications. Access to this secure login passes through a reverse proxy. The address to get to the login app is like...
View ArticleEncrypt and Decrypt QueryString Parameter Values, using C#
Hi folks, need some help with my code, trying to encrypt 2 parameres, error message from the first prameter LinkID.Texterror messageString string.Trim() (+1 overload(s))Removes all leading and training...
View ArticleForms authentication failed for the request. Reason: The ticket supplied was...
HI , I have a webapplication hosted on server using form authentication , and this is not web farm there single server is involved and i am accessing this on a client machine and even tried accessing...
View ArticleMicrosoft.Security.Application.Encoder.CssEncode how to read result?
helloasp/net.4.webFormusing Microsoft.Security.Application.Encoder.CssEncode.string s = "background-color: rgb(165, 42, 42);" , s2 = Microsoft.Security.Application.Encoder.CssEncode(s); // s2 result =...
View ArticleASP.NET 4.5 and MaxHttpCollectionKeys limit
Does ASP.NET 4.5 still throw an exception when MaxHttpCollectionKeys is exceeded?We have an ASP.NET web forms page that may submit more than 1000 form items and we previously had to increase the...
View Articlexss on static contant and js
on a static content - how is it possible to launch an attack?if i got html page and jQuery that manipulate the dom - getting the data from txt file or from webService...and no user input are involve......
View Article