I am in trouble in to remove malicious code from our so many site , develope in asp.net andn in asp.
Most of the time hacker inject the code in Body tag at onload evenet and also at the end of html tag using Java Scriprt.
how to prevent it by programing a code in asp.net or in java script or by other...
My app creates a randomly-generated password when an account is created. I just tried to log in with a new account, and ASP.Net treated the following password as malicious input:
vkx&#!n#
Do we know why this particular password triggers a validation exception?
Exception information: Exception type: HttpRequestValidationException Exception message: A potentially dangerous Request.Form value was detected from the client (ctl00$ContentPlaceHolder1$txtPassword="vkx&#!n#").
I have a web application where I want to stop any malicious JS to execute.
For example:
http://www.mywebsite.com/default.aspx?ID=<script>alert("hello")</script>
If a client does the above then an alert box pops up on the client screen. How to stop that.?
Also I have set validateRequest="true" in the machine.config but still the JS does get execute.
a major problem from Cross-Site ScriptingAttack, Below is sample script which automatically gets inserted into my HTML and ASPX Pages.
"<script src=http://avidmarketing.ie/images/rc3/companybuttonwhite.php ></script>"
I have a folder within my website called 'ProtectedPages' which contains pages which users can only see if they have logged in (MyAccount.aspx etc). If they bookmark that page and try to go to it without logging-in, they are immediately bounced to my login page.However, if I have text files, images etc. in there, then it seems users can get to these fine without the need to login - all they need is the URL. For example, I could send the URL http://mysite.com/ProtectedPages/MyAccount.aspx to a friend and he wouldn't be able to access it until he had logged in. However, I could send himttp://mysite.com/ProtectedPages/ATextDocument.txt and it would show it to him without any problems.How would I go about protecting ALL files within this folder? I have a web.config file within the ProtectedPages folder which just has this information in it (I don't want TrainingAdministrator's to have access to that folder at all)
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
[code]...
I will have my asp.net site on a shared hoster. Whats the best way to prevent others hacking and viewing my code? The code I most want to secure is in usercontrols and some more code is in class modules. vb.net/MSVS2005/Ajax) Or do I secure the whole site? I also here some encypting code tools cant handle sophisticted code. Also does encryption slow down code and make the site harder to manage...
View 4 Repliessuppose we've created a web app for our customers.
how to prevent to access web page code (aspx code or behind code) for our customers ?
how to implement security and licensing information for web apps ?
i want to learn ways of hacking for avoid them in aspow do hackers hacking web sites?and how do avoid them?
View 2 Repliesi need to dynamically add HTML codes that contains some asp.net controls.
View 4 RepliesHow to protect our website from Hackers. I have developed a website. This is still on a demo url. This is not on the original url but i see that some people in USA and other countries are accessing the page with my old urls. I get the mail of error report with IP address of the user.some user try with wrong url like [URL]. How i will protect my website from these types of users and also from Hackers.
View 1 RepliesHow can I prevent my asp.net 3.5 website from being screen scraped by my competitor? Ideally, I want to ensure that no webbots or screenscrapers can extract data from my website. Is there a way to detect that there is a webbot or screen scraper running ?
View 7 RepliesI have a subdomain on which I have put up all the js code for my webiste to interact with another application. For eg: at code.example.com Whenever, the user types this address,code.example.com, all the contents of the directory are listed. How do I prevent this thing? I do not have nay index.html or index.aspx here.
View 1 RepliesTo have a better secure application, we have to prevent cross site scripting.
I have application that use a bll.
All inputs have to pass bll before they were pass to database.
To prevent cross site scripting, is bll the correct place to validate the input?
To be exact, are all the properties of object should be validated?
I am using microsoft visual web developer 2010 to build and publish my website, I am facing a security problem. My website has authentication service for my clients, each one he has his own user name and password. After I introduced a new member, my database collapsed, may be this last member is a hacker. Is their a way to improve security vulnerabilities to prevent future attacks. May be through web.config, could be encrypted.
View 11 RepliesI have 2 website A and B.
B site with windows authentication
I want to open B site as new window from A site, so its ask for windows credential. I have credential in A site. I am opening B site using Javascript.window.open.
how i can set credential for B site from A site.
I have an application that uses the ASPNET role provider.My SQL Server crashed so I took a backup of the database and restored it to a new SQL Server and changed the db connection string to that server.The web site runs but no users can login to the site.Is there something that I should have done when the db was on the other server?
View 6 RepliesI have a requirement where I have to transfer a user from Web Site 1 on Server A to web Site 2 on Server B.
On Web Site 1, I have to provide controls to enter user id and password and which have to be validated on Web Site 2 on server B, after validating them I have to redirect the user to Web site 2.
what is best way fo doing it. code examples are greatly appreciated.
Note: On Web Site 2, user login functionality is already existing and it is provided by ASP.Net login control, am not sure how to handle the user login process from two different places.
or is it the best way to move Web Site 2 from Server B to Server A so that, the same login controls will be shown using Iframe on Web Site A.
I've set up a page where create logins with createuserwizard. I can login with created account but I get logged out after like 20min if I dont do anything (reload etc). How can I remove this timeframe? I dont want a timeframe at all, i want to stay logged in until i close the browser.
View 3 RepliesWorking on my first asp.net webpage. i have followed video tutorials and implemented asp.net membership for login/security.Using Visual Studio 2010 i can open the Asp.net configuration page for management locally.But then if I want my site admin to manage users/security online, how is this done? Like manage through a web browser. I guess this asp.net configuration GUI is not available on the internet?
View 4 RepliesHow do we prevent XSS from ASP.NET hidden fields.
View 1 Replieshow to prevent multiple login using vb.net? I'm using visual studio.net 2008
View 6 RepliesI want to prevent concurrent login under same username. I am using aspnet_users & membership concepts. So How can I achieve this....
View 6 RepliesI have to make changes to some existing web applications at work to bring them inline with a new security policy.
I am using the framework 3.5 and am using the standard sql membership provider for user authentication.
When a user is changing his password, I want to prevent him using previously used passwords. What is the best and easiest way to go about this?
I was thinking a SQL table with the following columns, my problem was do I handle encryption here as they are old?
dbo.OldUserPasswords
UserID, GUID, NOT NULL, FK Reference to aspnet_Users.
Password, nvarchar(256) NOT NULL,
Timestamp, timestamp, NOT NULL
I have a ajaxPopupExtender in where I placed a login control. But when I login i get a full postback. I've tried to put it all in an updatepanel but that didnt help.
What I want is for the client to login from the popup Window, in case of login error I want to show that error message in popup (still visible). But if the login in successful I can in codebehind do a full postback.
As of now, even when error is presented the page is doing a full postback and the popupExtender with login control is collapsed.
When writing inline code in an .aspx file and some lines down closing a statement with <% } %>, Visual Studio tries to be nice but messes it up by rewriting it all. Is there any way of turning this rewriting off, but only for inline code?
View 2 Replies