IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [asp.net]

ASP.NET is a Web application framework developed and marketed by Microsoft to allow programmers to build dynamic Web sites, Web applications and Web services.

ASP.NET is a Web application framework developed and marketed by Microsoft to allow programmers to build dynamic Web sites, Web applications and Web services. It was first released in January 2002 with version 1.0 of the .NET Framework, and is the successor to Microsoft's Active Server Pages (ASP) technology. ASP.NET is built on the Common Language Runtime (CLR), allowing programmers to write ASP.NET code using any supported .NET language. The ASP.NET SOAP extension framework allows ASP.NET components to process SOAP messages.

225 questions
0
votes
2 answers

malicious file on my websites, can't delete it

About 10 days ago I saw 2 unknown files on my websites (ASP.NET websites). they spread on all 3 of my websites, and placed them selves in the CSS folder. The first one was with the name of 'Paths.php' with this code in it. 500
Remy Jouni
  • 1
  • 1
0
votes
2 answers

Session id remain same after and before logging in asp.net application

Before logging in to the asp.net application, i checked the headers and there was already a session id in cookie header cookie: ASP.NET_SessionId=3de0es3brpfbcmvkzhkidsmt And when i logged in to the application, the same cookie header was present…
Usama Saeed
  • 1
  • 1
  • 2
0
votes
1 answer

Is it safe to send the user's encrypted password back to them in the browser? Why?

I have planned to send the encrypted password from the application back to the user. I am currently using AES to encrypt user passwords. I want to send the user's encrypted password back to them in the browser to help them with automatic logging in…
Jeeva Jsb
  • 177
  • 1
  • 1
  • 8
-1
votes
1 answer

Measures that must be taken to protect online banking website

I building an online banking service in ASP.NET and my objective is to implement all possible security measures. Currently at database level I am using RES 2048 bit encryption to encrypt database columns that contains confidential data. Also I am…
Aishwarya Shiva
  • 121
  • 7
-1
votes
2 answers

Hown I can test "Microsoft ASP.NET Forms Authentication Bypass" in ASP.Net 4.0.30319

I searched in google for "ASP.Net 4.0.30319 vulnerability " keyword. finally,I found "Microsoft ASP.NET Forms Authentication Bypass" in below link: http://dl.packetstormsecurity.net/1203-exploits/SA-20120328-1.txt but I don't know how to …
za_al
  • 21
  • 1
  • 1
  • 1
-1
votes
1 answer

Using certificates for authentication in a web site

Today i faced a web site related to government that showed me all of my certificates in a combobox for authentication on that web site. What were those certificates? How can i show them in a asp.net web site? Can browser access to those…
SilverLight
  • 101
  • 7
-1
votes
1 answer

XSS protection - escape symbols

Lets say we have private math/developers forum website made with asp.net. Users can post text-messages in topics. Based on OWASP articles we should escape symbols like: ' " < > / to prevent XSS attacks. But characters ' " < > / are too important for…
Ice2burn
  • 101
  • 3
-1
votes
1 answer

Local File Download(LFD) vulnerability exploit

I have found a arbitrary file download vulnerability in an asp.net application. I've downloaded the web.config and some other files. So what can i do with that "web.config" information ?(for example: connecting to database) This is an piece of…
Ros3
  • 1
-1
votes
1 answer

windows authentication vs ADFS

I have an ASP.NET website hosted on premises and only accessible by my company. I discovered that if I connect it to a server in the DMZ (open to the internet) even though the IIS folder is set to Windows authentication it still works in all…
j. doe
  • 55
  • 5
-2
votes
1 answer

Home PC has been compromised remotely and even after cleaning my PC repeatedly, the problem still comes back, help please?

I'm a regular guy running two small franchise businesses with a basic understanding of computers etc, (very basic really), but I am certain my home network has been hacked and I am finding lots of new devices installed on my PC without my consent. I…
Juicy
  • 9
-2
votes
1 answer

How are .NET websites hacked?

I have heard many times that hacking .NET websites is different from others. What's the technique used by hackers to hack .NET websites, and how can we secure .NET websites?
user3347714
  • 1
  • 3
-3
votes
1 answer

Using Old version of mysql connector's security issue

I'm using asp.net 4.0 and MySQL. Last week my hosting firm changed security level of from full to medium. MySQL connector doesn't work correctly anymore. For this reason I'm using old version of ADO.net MySQL connector version number 6.2.5. Does…
dgn
  • 124
  • 2
  • 4
  • 13
-3
votes
1 answer

Secuirty related certification/training for .NET Developers

I would like to know if there are any Free certifications related to writing secure code that myself and our team of .NET/AngularJS web-developers take up, So that we can write secure code and also assure our customers that the developers of their…
Guru Kara
  • 95
  • 3
-4
votes
1 answer

Why isn't ASP.NET source code compiled before it is published?

Why doesn't Visual Studio compile the source code (.cs) automatically before publishing, since they know perfectly well that the end-product website is going public? (Unless you're just building the website for your own fun.) Hackers can see .cs…
Piggy Chu
  • 1
  • 1
-5
votes
3 answers

How to be secure your page from Zeus Trojan?

How can I prevent from an attack like this? http://www.youtube.com/watch?v=bgt98VajOv4 Edit: Sorry guys, I think I can't explain my question well. I don't want to secure myself from that trojan. I want to secure my users. There are lots of sensitive…
Dogukan Demir
  • 1
  • 1
1 2 3
14
15