Question Web application did not enforce a content security policy

yugesh65n

Member
Joined
Jul 2, 2017
Messages
6
Programming Experience
3-5
Hi
I Have a Security Issue on my Web Application.
My ASP.NET Web application did not enforce a content security policy. This could potentially allow an attacker to insert malicious, executable content into the application's responses.
CSP is currently supported by most modern browsers, with the exception of Internet Explorer, which only offers partial support from version 10. The following browser versions have full support:
* Firefox - 23+
* Chrome - 25+
* Safari - 7+
The application did not include the CSP header in its responses. As such, an attacker could potentially insert crafted content, such as malicious JavaScript or CSS, which could result in XSS or CSS injection attacks on the application's users.
How Can I Prevent that?
Below are the Technologies Using:
C#.Net, ASP.Net, SQL Server 2008 R2, Java Script.
Please assist me.
Thanks.
 
Cookies used by application did not have the HTTPOnly flag set.

Hi
Cookies used by My ASP.NET application did not have the HTTPOnly flag set.
This could allow a client-side script to access the cookie and reveal it to the attacker.
How Can I Prevent that?
 
The cookie's Secure flag was not set

Hi
HTTP cookie used by My ASP.NET Web application, it was determined that the cookie's Secure flag was not set. Without this flag, the cookie's contents could potentially traverse a clear text channel, which could result in an attacker gaining access to a user's session.
Please assist me.
Thanks.
 
Web application security of the communications being compromised

Hi
I Have a Security Issue on my Web Application.
On My ASP.NET Web application security of the communications being compromised on web server (SSL/TLS configuration) / weaker SSL implementations were supported.

Below are the Technologies Using:
C#.Net, ASP.Net, SQL Server 2008 R2, Java Script.

Please assist me.
Thanks.
 
Web application was configured to return informative error messages

Hi
I Have a Security Issue on my Web Application.
My ASP.NET Web application was configured to return informative error messages. This could enable an attacker to understand the cause of the errors and use this information to develop further attack strategies.

Below are the Technologies Using:
C#.Net, ASP.Net, SQL Server 2008 R2, Java Script.

Please assist me.
Thanks.
 

Latest posts

Back
Top Bottom