IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [asp.net]

ASP.NET is a Web application framework developed and marketed by Microsoft to allow programmers to build dynamic Web sites, Web applications and Web services.

ASP.NET is a Web application framework developed and marketed by Microsoft to allow programmers to build dynamic Web sites, Web applications and Web services. It was first released in January 2002 with version 1.0 of the .NET Framework, and is the successor to Microsoft's Active Server Pages (ASP) technology. ASP.NET is built on the Common Language Runtime (CLR), allowing programmers to write ASP.NET code using any supported .NET language. The ASP.NET SOAP extension framework allows ASP.NET components to process SOAP messages.

225 questions
1
vote
1 answer

Is it worth reporting a asp.net runtime error?

I found a runtime error on united.com. Is it worth submitting? The exception doesn't seem to show any identifiable information.
Casey
  • 11
  • 1
0
votes
1 answer

Security benefits to have IP-filter in HttpModule instead of Page-Load in asp.net pipeline?

I'm working on implementing an IP-filter which blocks all requests by machines outside our IP-range. This is for an asp.net project (written in c#). I've read on multiple forums that the safest way to put your IP-filter code is in an HTTP Module…
user1531921
  • 103
  • 1
0
votes
1 answer

Is the ASP.NET .ASPXAUTH cookie value always the same for a given user?

Is the ASP.NET .ASPXAUTH cookie value always the same for a given user?
westbeam87
  • 419
  • 4
  • 11
0
votes
1 answer

Does ASP.NET guarantee the integrity of a page's controls on a post back?

Say you have an ASP.NET page that lists the prices for certain items in labels. I know it's cringe-worthy, but say you took the price of the item from the label on the page to determine what the user is charged for their order. Does ASP.NET…
John
  • 2,242
  • 2
  • 28
  • 45
0
votes
1 answer

How do I inject JavaScript into a JPG image and execute it when uploaded?

I've recently joined a security project, and received a task to demonstrate the risk related to an end-user uploading an image containing embedded (malicious) JavaScript code. I used EXIFeditor to inject JavaScript code in an image's imgdescription…
Sora
  • 109
  • 1
  • 3
0
votes
3 answers

Restrict request to Android and Iphone App only?

I have a ASP.NET/IIS server. I want to restrict my server to only accept request from Android and Iphone(IOS) applications. I have heard about HMAC. Can HMAC help me?
user960567
  • 2,461
  • 4
  • 16
  • 16
0
votes
1 answer

Is ASP.net More Secure than PHP in GENERAL?

In other words, my (long version) question is: Are developers able to get away with, more using ASP.net than PHP in terms of writing secure code for their apps? I ask this because ASP.net has many built-in security mechanisms such as SQL injection…
Dax
  • 81
  • 2
  • 3
0
votes
1 answer

Is the .AspNet.Application cookie vulnerable to CSRF attacks?

I have an MVC application that has undergone SAST. The scan detects a potential XSRF/CSRF vulnerability. The application rewrites the .AspNet.ApplicationCookie setting SameSite=Strict: protected void Application_PreSendRequestHeaders(object sender,…
monkeySeeMonkeyDo
  • 1
  • 2
0
votes
0 answers

Best way to encrypt client side data for SaaS inside the web

I am planning a SaaS-solution, where my clients store and save sensitive data on my servers. Security is a big point as it makes a product more trustworthy, so my thought was that the data which I retrieve from my clients should be encrypted on…
Robert Wolf
  • 1
  • 1
0
votes
1 answer

ASP.NET Core - are files put in the Shared folder under Pages (where the Razor pages reside) publicly accessible?

Are files put into the Pages/Shared folder public to the whole WWW if the website is hosted publicly? I am asking since I want to implement a partial view load thru a controller and want to know whether it's secure. I am using ASP.NET Core version 6…
Munchkin
  • 212
  • 2
  • 10
0
votes
1 answer

My website keeps getting infected

I recently started getting this really weird problem where a virus seems to pop up as frequently as once a week in my site. It is running on BlogEngine and basically what happens is this: A bunch of .PHP files start appearing in my site folders It…
TheGateKeeper
  • 109
  • 1
0
votes
1 answer

Comparison between Data Encryption Tools and Data Sanitization Tools

What are the famous Data Sanitization Tools for languages such as ASP/PHP/Html Web Sites? Which Data Sanitization tools have the best results? Difference between Data encryption and Data Sanitization tools with respect to their features? Can we…
Salman
  • 101
  • 1
  • 11
0
votes
2 answers

Content-Type and Code Execution

I just got a message from a security guy that my application is executing remote code if they pass a Content-Type: image/asp. For now he does not disclose anything. Now my question is that if I am using ASP.NET 5 MVC application using IIS webserver…
user960567
  • 2,461
  • 4
  • 16
  • 16
0
votes
2 answers

ASP.Net XSS - How does this vulnerability work

I have been tasked with fixing a XSS issue in an ASP.Net application, but I have never seen this kind of attack before so first it would be great if I could understand how this is working and then I need some help because I haven't been able to fix…
Sergio Romero
  • 101
0
votes
0 answers

Sqlmap waf bypass

This is my first post here, sorry for my english. Im making some test around, because i want to learn more about sql injection. Im not really good as manual sql injection, so im using sqlmap. what im know from my target is: Asp.net application Mysql…
Tessaiga
  • 1
1 2 3
14 15