IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [asp.net]

ASP.NET is a Web application framework developed and marketed by Microsoft to allow programmers to build dynamic Web sites, Web applications and Web services.

ASP.NET is a Web application framework developed and marketed by Microsoft to allow programmers to build dynamic Web sites, Web applications and Web services. It was first released in January 2002 with version 1.0 of the .NET Framework, and is the successor to Microsoft's Active Server Pages (ASP) technology. ASP.NET is built on the Common Language Runtime (CLR), allowing programmers to write ASP.NET code using any supported .NET language. The ASP.NET SOAP extension framework allows ASP.NET components to process SOAP messages.

225 questions
0
votes
1 answer

Why ASP.Net Identity sends sensitive information to clients?

As far as I understand, Identity sends to the user an encrypted token with some user information like the user name and expiration date. Then, when a new request arrives to the server, it decrypts it and will have available all the user claims and…
Ignacio
  • 123
  • 4
0
votes
2 answers

How to prevent XSS attacks in ASP web application

In my web application, while doing the penetration testing two XSS vulnerabilities identified in some text input. that field testing using followin cheets,
Sachith
  • 101
  • 3
0
votes
1 answer

How to implement Anti-CSRF method?

I have created a ASP.NET project and I want to implement Anti-CSRF method in my project. How to do that?
Akash Daniel
  • 41
  • 1
  • 1
  • 3
0
votes
0 answers

Is it secure to prevent CSRF in API without using CSRF cookie (only CSRF token sent in header of ajax requests)?

There is a standard method of preventing a CSRF attack by comparing a value in a special cookie (that is posted automatically with each request) and some value that is coming either in form post (from html) or in a header with ajax…
Ilya Chernomordik
  • 2,197
  • 1
  • 21
  • 36
0
votes
1 answer

Get client ip address that is not spoofed

I am using the following source code to get a client IP address, Public Shared Function GetIPAddress() As String Dim context As System.Web.HttpContext = System.Web.HttpContext.Current Dim sIPAddress As String =…
user960567
  • 2,461
  • 4
  • 16
  • 16
0
votes
1 answer

PHP code execution attempts on an ASP website

I found multiple PHP code execution attempts on my web server, which is running on asp. What happens when one attempts to execute php code on an asp web server? Will this create an impact on the server, and is there any chance of getting…
Mrj
  • 1
0
votes
0 answers

How to store SSN in asp.net web-based application on a short-term basis?

After scouring the web to find countless similar questions, I still find it important enough to ask based on my client's specific requirements. Now I know most if not all are not a lawyer, but if you've had experience in this field, please…
user1447679
  • 246
  • 1
  • 5
0
votes
1 answer

I'm not sure if this Website is SQL Injectable

I think I found an SQL vulnerability; the request and response can be found below. I'm not sure because it is showing a normal error (it's in French) instead of showing an SQL error. I also tried to SQL inject the user page (after I logged in…
Adel M.
  • 1
  • 2
0
votes
2 answers

How to extract data using SQL injection on a vulnerable ASP.NET application?

I managed to find a vulnerability in a so-called friend of mines website and I want to show him that his website is vulnerable to data extraction. When I use something like yes')-- as post I get the following debug info: You have an error in your…
an4rei
  • 9
  • 3
0
votes
0 answers

Prevention of host header injection in ASP.NET?

How can we mitigate host header injection in ASP.NET? I have already configured application binding in IIS and set static hostname but still, the vulnerability exists.
codeur
  • 581
  • 2
  • 6
  • 12
0
votes
0 answers

ViewStateUserKey .NET CSRF protection

In a typical PHP web application you append a hidden CSRF Token in each form and this token is validated when the request is submitted in the server side. I am performing a penetration test in a .NET application and I want to learn more about the…
XII
  • 524
  • 1
  • 6
  • 14
0
votes
1 answer

What attacks is my website subceptable to and how can I prevent them?

I am developing a website using this book. From my knowledge and from the book, the major issues that I would have to look out for are XSS, CRSF and SQL injection attacks. I have found that there is ample resources, plugins and solutions that can…
Boolean
  • 193
  • 2
  • 9
0
votes
2 answers

Is this a true CSRF attack?

I have been fixing a asp.net web forms application that has a number of vulnerabilities that were discovered by an outside pen testing firm. I have recently implemented a double submit cookie with the asp.net AntiForgery library. Also setting…
ParleParle
  • 1
0
votes
2 answers

Is it safe and secured to use Mono-Project for Ubuntu to run a ASP.NET with a MySQL database?

I am looking to rent a VPS server to host a game server, MySQL database and an ASP.NET site on it. A Windows server is too expensive for me but Mono-Project for Ubuntu does everything that I need it to do. Question is - is it as secured as running…
Itay080
  • 185
  • 1
  • 1
  • 6
0
votes
1 answer

Secure compiled .NET source code applications ASP.NET and Windows Forms

Right now I'm working as a software development leader in my enterprise. Here's the main issue of everything. A software developer that works with us. There has been some rumours about this user sharing/developing software for other enterprise that…
NathanWay
  • 559
  • 7
  • 14
1 2 3
14
15