Friday, September 27, 2013

Asp.Net Insecure Session Cookie Handling Vulnerability

Add next code in c:\inetpub\wwwroot\web.config


    <system.web>
      <httpCookies
             httpOnlyCookies="true"
             requireSSL="true" />
    </system.web>


References:
[1] http://www.codeproject.com/Articles/291562/Asp-net-web-application-Security-Review-Dos-Dont
[2] http://forums.asp.net/t/1756774.aspx
[3] http://www.enterprisenetworkingplanet.com/netsecur/ten-tips-to-make-your-ssl-secure.html
[4] https://www.owasp.org/index.php/HttpOnly
[5] http://xss.cx/examples/dork/programming/ssl-cookie-without-secure-flag-set-example.html#1.7


By at
Labels: , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)
  • Common datasets for image processing and computer vision
    Resources: [1] Hela https://ome.grc.nia.nih.gov/iicbu2008/hela/index.html
  • jQuery Plugins
    mas plugins http://devsnippets.com/reviews/using-jquery-to-style-design-elements-20-impressive-plugins.html http://www.extjs.com/deploy/dev/...
  • Serie Rosa
    Episodios: Épisode 1 : La Libertina de calidad (Le Libertin de qualité) Épisode 2 : La Apuesta de las tres cotillas (La Gageure des tr...

Vectorize PNG to SVG

No Login  [1] https://www.freeconvert.com/png-to-svg   [2] https://svg-converter.com/potrace  Loging required [2] https://www.recraft.ai [3]...