Archives
-
Asp.Net Application Security.
I was recently helping a colleague with a customer who was running a security check against their IIS Server on Windows Server 2008.
(Editor’s Note: This is an extremely good thing to do and we do recommend that everyone runs a security check against their server.)
The security tool they used highlighted that the server was running Asp.Net and might be vulnerable to cross-site scripting attacks.
The Asp.Net engine does validate every request that comes in.
We do however recommend that you still ensure your application is not susceptible to the scripting attacks that are out there.