Friday, September 27, 2013

Asp.Net Insecure Session Cookie Handling Vulnerability

Add next code in c:\inetpub\wwwroot\web.config


    <system.web>
      <httpCookies
             httpOnlyCookies="true"
             requireSSL="true" />
    </system.web>


References:
[1] http://www.codeproject.com/Articles/291562/Asp-net-web-application-Security-Review-Dos-Dont
[2] http://forums.asp.net/t/1756774.aspx
[3] http://www.enterprisenetworkingplanet.com/netsecur/ten-tips-to-make-your-ssl-secure.html
[4] https://www.owasp.org/index.php/HttpOnly
[5] http://xss.cx/examples/dork/programming/ssl-cookie-without-secure-flag-set-example.html#1.7


By at
Labels: , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Odoo 17 - Custom adds

    [1] Diario/Seq https://apps.odoo.com/apps/modules/17.0/sequence_for_journal