How do I ensure that X-HTTP-Method headers are ignored?
I’m currently applying security fixes for a vulnerability which was found by a third party software. This is the issue (Often Misused: HTTP Method Override vulnerability).
security
Expire the source code after certain time
We have to deliver some source code for asp.net website (.net framework 4) to the customer Before receiving the Payment. I am wondering if there is some way (by means of some code or tool etc.) that we can expire/invalidate the source code after some set period of time so that the customer will not … Read more
Are there a way to block queries that come to another server?
I made a Json web token to protect my services but now somebody has made a lot of queries on my data base using my login service. Are there a way to block queries that come to another server?
How can I not secure one cookies in Asp.Net if Web.Config secure all cookies?
If the Web.config has this setting:
Make REST API respond only to known clients
I have a .Net Core REST API. and a native mobile app (also a SPA).
Adding Security Headers to ASP.NET Core 3.1 Web Api
I am in need to add some security headers to my new ASP.NET Core 3.1 Web API. In MVC and webform I used to do with below codes in web.config file:
What are all the user accounts for IIS/ASP.NET and how do they differ?
Under Windows Server 2008 with ASP.NET 4.0 installed there is a whole slew of related user accounts, and I can’t understand which one is which, how to they differ, and which one is REALLY the one that my app runs under. Here’s a list:
ASP.NET Identity’s default Password Hasher – How does it work and is it secure?
I am wondering wether the Password Hasher that is default implemented in the UserManager that comes with MVC 5 and ASP.NET Identity Framework, is secure enough? And if so, if you could explain to me how it works?
What is the App_Data folder used for in Visual Studio?
When creating a new ASP.NET application in Visual Studio, a couple of files and folders are created automatically. One of those folders is called App_Data.