Question Web application did not enforce a content security policy

yugesh65n

Hi
I have a security issue on my web application.
My ASP.NET Web application did not enforce a content security policy. This could potentially allow an attacker to insert malicious, executable content into the application's responses.
CSP is currently supported by most modern browsers, with the exception of Internet Explorer, which only offers partial support from version 10. The following browser versions have full support:
* Firefox - 23+
* Chrome - 25+
* Safari - 7+
The application did not include the CSP header in its responses. As such, an attacker could potentially insert crafted content, such as malicious JavaScript or CSS, which could result in XSS or CSS injection attacks on the application's users.
How can I prevent that?
Below are the technologies in use:
C#.NET, ASP.NET, SQL Server 2008 R2, JavaScript.
Please assist me.
Thanks.
 
Cookies used by application did not have the HttpOnly flag set.

Hi
Cookies used by my ASP.NET application did not have the HttpOnly flag set.
This could allow a client-side script to access the cookie and reveal it to the attacker.
How can I prevent that?
 
The cookie's Secure flag was not set

Hi
For the HTTP cookie used by my ASP.NET web application, it was determined that the cookie's Secure flag was not set. Without this flag, the cookie's contents could potentially traverse a clear text channel, which could result in an attacker gaining access to a user's session.
Please assist me.
Thanks.
 
Web application security of the communications being compromised

Hi
I have a security issue on my web application.
On my ASP.NET web application, security of the communications being compromised on the web server (SSL/TLS configuration) / weaker SSL implementations were supported.

Below are the technologies in use:
C#.NET, ASP.NET, SQL Server 2008 R2, JavaScript.

Please assist me.
Thanks.
 
Web application was configured to return informative error messages

Hi
I have a security issue on my web application.
My ASP.NET web application was configured to return informative error messages. This could enable an attacker to understand the cause of the errors and use this information to develop further attack strategies.

Below are the technologies in use:
C#.NET, ASP.NET, SQL Server 2008 R2, JavaScript.

Please assist me.
Thanks.
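
A web.config fragment addressing the CSP, HttpOnly, Secure-flag and error-message findings raised in the posts above, as an added example that is not part of the original posts. The policy value and the `~/Error.aspx` page are assumptions, and the `system.webServer` section assumes IIS 7 or later; the SSL/TLS finding is not covered because protocol support is configured on the server rather than in web.config.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Constructed example: merge these elements into the application's existing web.config. -->
<configuration>
  <system.web>
    <!-- httpOnlyCookies adds HttpOnly so client-side script cannot read cookies;
         requireSSL adds the Secure flag so cookies are only sent over HTTPS.
         Both default to false. If Forms authentication is in use, its <forms>
         element has its own requireSSL attribute that should also be true. -->
    <httpCookies httpOnlyCookies="true" requireSSL="true" />

    <!-- mode="Off" sends full exception details to every visitor.
         RemoteOnly keeps details for requests made on the server itself and
         sends remote users to a generic page (~/Error.aspx is a placeholder). -->
    <customErrors mode="RemoteOnly" defaultRedirect="~/Error.aspx" />

    <!-- debug="true" emits debug symbols, so error pages can include source
         file names and line numbers; keep it off in production. -->
    <compilation debug="false" />
  </system.web>

  <system.webServer>
    <!-- IIS-level error pages: Custom hides detailed IIS errors from all clients. -->
    <httpErrors errorMode="Custom" />

    <httpProtocol>
      <customHeaders>
        <!-- Assumed starting policy: resources only from the application's own
             origin, no plugins, framing only by the same origin. Extend it with
             each additional source the application really loads from. -->
        <add name="Content-Security-Policy"
             value="default-src 'self'; object-src 'none'; frame-ancestors 'self'" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>
```

Pages that depend on inline script or styles will be blocked by this policy; sending the same value under `Content-Security-Policy-Report-Only` first shows what would break without enforcing it.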
 