You must Sign In to post a response.
  • Category: .NET

    Security Audit Queries

    For Security Point of View
    Options method enabled on the server: HTTP methods can potentially pose a security risk for a web application, as they allow an attacker to modify the files stored on the web server and, in some scenarios, steal the credentials of legitimate users.

    How i can solve it.

    Thanks
    Nitin Sharma
  • #768239
    Hi,

    This is related to the Web Security issue which usually all the website faces.
    if you want to be set up a secured website you can make those website as a secured site by implementing HTTPS.
    So the all message while sending or receiving will pass through the security packet of SSL and no information will get leaked.

    To implement HTTPS in website kindly follow the below mentioned website.

    https://www.youtube.com/watch?v=gmxoC7HkylE

    https://msdn.microsoft.com/en-us/library/ff649211.aspx

    Thanks,
    Mani

  • #768250
    Hi,
    Some ideas:
    1. Treat the verbs as descriptors of the type of action the user wish to perform.
    Eg: If user is trying to use 'POST /users/-1/delete' , he is actually intended to use POST method. But in fact this statement will delete the files of user.
    2. Authenticate and authorize each of the users to perform all the actions as specified by your application.
    Eg: Assign roles to users.
    3. Try to use SSL.

  • #768287
    You can use Unsupported HTTP method to security risk for a web application. Here is the code snippet for authentication - HTTP header
     < HTTP/1.1 200 OK
    {
    "requestID": "11ed1981-7802-4fc2-acd6-dfcd1c05a288",
    "signature": {
    "text": "json"
    },
    "results": [
    {
    "text": "Couchbase is s useful database"
    }

    ],
    "status": "success",
    "metrics": {
    "elapsedTime": "3.455608ms",
    "executionTime": "3.116241ms",
    "resultCount": 1,
    "resultSize": 65,
    "mutationCount": 0,
    "errorCount": 0,
    "warningCount": 0
    }
    }
    $

  • #768292
    There are plenty of ways to secure your asp.net web application, here are some of them
    1. use authentication and Authorization
    2. Secure Communication
    3. Security Model for ASP.NET Applications
    4. Intranet Security
    5. Extranet Security
    6. Internet Security
    7. Enterprise Services Security
    8. Web Services Security
    9. Remoting Security
    10. Data Access Security
    for more details about security switch to following link
    https://msdn.microsoft.com/en-us/library/ff649100.aspx

    Thanks
    Koolprasd2003
    Editor, DotNetSpider MVM
    Microsoft MVP 2014 [ASP.NET/IIS]


Sign In to post your comments