general security issues

Hi, I'm doing an assignment on the security issues of Active Server Pages. I was wondering if anyone could outline the major security issues for me. If you could, I'd really appreciate it!
0
rosie_chik
5/6/2004 8:29:21 PM
asp.net.security

Biggest security issue in ASP? ASP Developers. Without a question.
RTFM - straight talk for web developers. Unmoderated, uncensored, occasionally unreadable

Jason Brown - MVP, IIS
0
Atrax
5/7/2004 1:39:50 AM
As Jason points out, crappy coders are the biggest problem :-)

The crappy code tends to be vulnerable to the following types of attacks:
-SSL Injection Attacks
-Cross Site Scripting Attacks
-Replay Attacks/Cookie theft
-Man-in-the-middle attacks
You can get info on these at the OWASP website. They have a guide that covers many of these problems:
OWASP Guide
Cheers
Ken
0
Ken
5/7/2004 2:47:23 AM