Add next code in c:\inetpub\wwwroot\web.config
<system.web>
<httpCookies
httpOnlyCookies="true"
requireSSL="true" />
</system.web>
References:
[1] http://www.codeproject.com/Articles/291562/Asp-net-web-application-Security-Review-Dos-Dont
[2] http://forums.asp.net/t/1756774.aspx
[3] http://www.enterprisenetworkingplanet.com/netsecur/ten-tips-to-make-your-ssl-secure.html
[4] https://www.owasp.org/index.php/HttpOnly
[5] http://xss.cx/examples/dork/programming/ssl-cookie-without-secure-flag-set-example.html#1.7
Friday, September 27, 2013
Asp.Net Insecure Session Cookie Handling Vulnerability
Labels:
ASP.NET,
ASP.NET MVC,
Security,
Windows.Developer
Subscribe to:
Post Comments (Atom)
-
Resources: [1] Hela https://ome.grc.nia.nih.gov/iicbu2008/hela/index.html
-
en inglés se llama “A potentially dangerous Request.Form value was detected from the client”. varias páginas indican dos cosas: 1. agrega...
-
mas plugins http://devsnippets.com/reviews/using-jquery-to-style-design-elements-20-impressive-plugins.html http://www.extjs.com/deploy/dev/...
Odoo 17 - Custom adds
[1] Diario/Seq https://apps.odoo.com/apps/modules/17.0/sequence_for_journal
No comments:
Post a Comment