AppSec Blog: Category - .Net

Breaking CSRF: ASP.NET MVC

Guest Editor: Today's post is from Taras Kholopkin. Taras is a Solutions Architect at SoftServe. In this post, Taras will discuss using anti-forgery tokens in the ASP.NET MVC framework. CSRF (Cross-Site Request Forgery) has been #8 in the OWASP Top 10 for many years. For a little background, CSRF is comprehensively explained in this article …


HTTP Verb Tampering in ASP.NET

We're only a few days into 2016, and it didn't take long for me to see a web application vulnerability that has been documented for over 10 years: HTTP Verb Tampering. This vulnerability occurs when a web application responds to more HTTP verbs than necessary for the application to properly function. Clever attackers can exploit …


ASP.NET MVC: Secure Data Storage

Guest Editor: Today's post is from Taras Kholopkin. Taras is a Solutions Architect at SoftServe. In this post, Taras will review secure data storage in the ASP.NET MVC framework. Secure Logging: The system should not log any sensitive data (e.g. PCI, PHI, PII) into unprotected log storage. Let's look at an example from a healthcare …


ASP.NET MVC: Secure Data Transmission

Guest Editor: Today's post is from Taras Kholopkin. Taras is a Solutions Architect at SoftServe, Inc. In this post, Taras will review secure data transmission in the ASP.NET MVC framework. Secure data transmission is a critical step towards securing our customer information over the web. In fact, many of our SoftServe applications are regulated by …


ASP.NET MVC: Audit Logging

Guest Editor: Today's post is from Taras Kholopkin. Taras is a Solutions Architect at SoftServe, Inc. In this post, Taras will take a look at creating an audit logging action filter in the ASP.NET MVC framework. Audit logging is a critical step for adding security to your applications. Oftentimes, audit logs are used to …