Add the following inside the <configuration> element of c:\inetpub\wwwroot\web.config:
<system.web>
  <httpCookies
    httpOnlyCookies="true"
    requireSSL="true" />
</system.web>
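A check that the setting is actually in place, as an added example that is not part of the original post: it parses a web.config, reports when httpOnlyCookies or requireSSL is absent or not "true" at the root, and flags <location> overrides that turn either one off. The two sample configs and the function name are constructed for illustration, and the script assumes this file is the only place the settings are defined (it does not read machine.config or parent web.config files).

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs, not taken from a real server.
WEAK_CONFIG = """<configuration>
  <system.web>
    <httpCookies httpOnlyCookies="true" />
  </system.web>
  <location path="legacy">
    <system.web>
      <httpCookies httpOnlyCookies="false" requireSSL="true" />
    </system.web>
  </location>
</configuration>"""

HARDENED_CONFIG = """<configuration>
  <system.web>
    <httpCookies httpOnlyCookies="true" requireSSL="true" />
  </system.web>
</configuration>"""

REQUIRED = ("httpOnlyCookies", "requireSSL")

def audit_http_cookies(config_xml):
    """Return (scope, attribute, problem) tuples; an empty list means hardened."""
    root = ET.fromstring(config_xml)
    findings = []
    # Root level: both attributes default to false when they are not written out.
    top = root.find("system.web/httpCookies")
    for attr in REQUIRED:
        value = top.get(attr) if top is not None else None
        if value is None:
            findings.append(("(root)", attr, "not set (defaults to false)"))
        elif value != "true":
            findings.append(("(root)", attr, "set to " + value))
    # <location> blocks: flag only values that explicitly weaken the setting.
    for loc in root.iter("location"):
        el = loc.find("system.web/httpCookies")
        if el is None:
            continue
        for attr in REQUIRED:
            value = el.get(attr)
            if value is not None and value != "true":
                findings.append((loc.get("path", ""), attr, "set to " + value))
    return findings

if __name__ == "__main__":
    for scope, attr, problem in audit_http_cookies(WEAK_CONFIG):
        print(scope, attr, problem)
```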
Friday, September 27, 2013
Asp.Net Insecure Session Cookie Handling Vulnerability