Improper Cache Control

View State Encryption: View state is the method that the ASP.NET page framework uses to preserve page and control values between round trips. The view state is stored in a hidden field with the ID __VIEWSTATE. The view state value looks like an encrypted string (it is a Base64-encoded string), and it is easily decoded.

Posted By : Bipul Kumar Tiwari, 3/11/2016 10:57:34 AM
Updated On : 3/11/2016 10:57:34 AM

Disclosed Server Signature

HTTP headers are used to provide the web server with information to assist with handling the request. In order to examine the HTTP headers sent from your browser to a web server and those returned from a web server back to the browser, you need to install a program or browser add-on that exposes such data. Fiddler is a free, stand-alone application. An attacker can craft an attack by using information obtained from the server signature and other signatures.

Posted By : Bipul Kumar Tiwari, 3/11/2016 10:57:34 AM
Updated On : 3/11/2016 10:57:34 AM

Cross Site Request Forgery

Cross-site request forgery (CSRF) is an attack in which the attacker tricks the victim into making an unintentional request that is taken as an authentic request. This can be done via a URL, image load, XMLHttpRequest, etc. and can result in exposure of data or unintended code execution.

Posted By : Bipul Kumar Tiwari, 3/11/2016 10:57:34 AM
Updated On : 3/11/2016 10:57:34 AM

Security => Clickjacking

The vulnerability exists due to the lack of X-Frame-Options in the response headers. In a clickjacking attack, an invisible/transparent iframe of the legitimate website browsed by the victim is placed on some other web page which is controlled by the attacker. In simple words, frame sniffing is an attack technique that takes advantage of browser functionality to steal data from a website.

Posted By : Bipul Kumar Tiwari, 3/11/2016 10:57:34 AM
Updated On : 3/11/2016 10:57:34 AM
