Add next code in c:\inetpub\wwwroot\web.config
<system.web>
<httpCookies
httpOnlyCookies="true"
requireSSL="true" />
</system.web>
References:
[1] http://www.codeproject.com/Articles/291562/Asp-net-web-application-Security-Review-Dos-Dont
[2] http://forums.asp.net/t/1756774.aspx
[3] http://www.enterprisenetworkingplanet.com/netsecur/ten-tips-to-make-your-ssl-secure.html
[4] https://www.owasp.org/index.php/HttpOnly
[5] http://xss.cx/examples/dork/programming/ssl-cookie-without-secure-flag-set-example.html#1.7
Friday, September 27, 2013
Asp.Net Insecure Session Cookie Handling Vulnerability
Labels:
ASP.NET,
ASP.NET MVC,
Security,
Windows.Developer
Subscribe to:
Post Comments (Atom)
-
Resources: [1] Hela https://ome.grc.nia.nih.gov/iicbu2008/hela/index.html
-
Episodios: Épisode 1 : La Libertina de calidad (Le Libertin de qualité) Épisode 2 : La Apuesta de las tres cotillas (La Gageure des tr...
-
en inglés se llama “A potentially dangerous Request.Form value was detected from the client”. varias páginas indican dos cosas: 1. agrega...
Vitamina D - Cancer
[1] https://ensedeciencia.com/2023/10/14/la-potente-vitamina-que-protege-frente-al-cancer-de-prostata-y-otros-tipos-de-cancer/
No comments:
Post a Comment