There is a threat for file access named path canonicalization. Canonicalization is a process for converting data in standard (or canonical) form and it refers to the action that builds a path in a safe form. The next picture shows this process:
Path canonicalization in action. If an attacker passes special characters, such as .. or …
How to handle and display user input to protect ASP.NET web application from XSS in VB.NET
Cross site scripting (or XSS) is the most insidious kind of attack because it’s quite often invisible at first glance. XSS is based on some code (markup or JavaScript) that is injected into your page. The most common is related to that’s saved in a database after end user input and then loaded in a page. The next …
How to handle and display user input to protect ASP.NET web application from XSS in C#
Cross site scripting (or XSS) is the most insidious kind of attack because it’s quite often invisible at first glance. XSS is based on some code (markup or JavaScript) that is injected into your page. The most common is related to that’s saved in a database after end user input and then loaded in a page. The next …
You can use approach described in the article How to handle improper parameter values in ASP.NET in VB.NET to create a blocking engine to handle and improve parameter values. You should manage invalid requests and notify the client about any invalid parameters that were passed in. You should reply to the request using one of the specific error …
You can use approach described in the article How to handle improper parameter values in ASP.NET in C# to create a blocking engine to handle and improve parameter values. You should manage invalid requests and notify the client about any invalid parameters that were passed in. You should reply to the request using one of the …
How to handle improper parameter values in ASP.NET in VB.NET
You should take care about the values coming with the HTTP requests, because improper values are dangerous. These values can alter behavior of your application, generate runtime exceptions, and expose the error details to an attacker. You need to inspect these values and protect your application, by using a unified approach to sanitize them.
You can improve the security …
You should take care about the values coming with the HTTP requests, because improper values are dangerous. These values can alter behavior of your application, generate runtime exceptions, and expose the error details to an attacker. You need to inspect these values and protect your application, by using a unified approach to sanitize them.
You …
The article How to hide URL query information in ASP.NET in VB.NET describes a class named EncryptedQueryString which is used in the next example to illustrate how you can use it in your projects. You have to build two web pages:
– The first one (QueryStringSender) can contain a text box for entering …
The article How to hide URL query information in ASP.NET in C# describes a class named EncryptedQueryString which is used in the next example to illustrate how you can use it in your projects. You have to build two web pages:
– The first one (QueryStringSender) can contain a text box for …
In many cases, the URL query contains information that should keep on hidden from the user. You can switch to another form of state management or encrypt the query string. You can encrypt the query string by using the cryptography classes provided with .NET and by leveraging the DPAPI.
As a first step you should build an …