penetration-testing Archives

Removing/Hiding/Disabling excessive HTTP response headers in Azure/IIS7 without UrlScan

September 2, 2022 by Magenaut

I need to remove excessive headers (primarily to pass penetration testing). I have spent time looking at solutions that involve running UrlScan, but these are cumbersome as UrlScan needs to be installed each time an Azure instance is started.

Preparing an ASP.Net website for penetration testing

September 1, 2022 by Magenaut

Over the years I have had a few of the websites I have developed submitted for penetration testing by clients. Most of the time the issues that are highlighted when the results return relate to the default behaviour of ASP .Net such as possible cross site scripting attacks etc.