AppSec Blog: Category - .Net

ASP.Net Forms Authentication Bypass

It was recently announced that there is a vulnerability in ASP.Net Forms Authentication. The vulnerability allows an attacker to assume the identity of another user within the application without the need to know the victim's password. This is a critical vulnerability as it could allow users to execute commands they do not have access to. … Continue reading ASP.Net Forms Authentication Bypass

ASP.Net Insecure Redirect

It was recently discovered that there was a vulnerability within the ASP.Net Forms Authentication process that could allow an attacker to force a user to visit a malicious web site upon successful authentication. Until this vulnerability was found, it was thought that the only way to allow the Forms Authentication redirect (managed by the ReturnUrl … Continue reading ASP.Net Insecure Redirect

Real and useful security help for software developers

There's lots of advice on designing and building secure software. All you need to do is: Think like an attacker. Minimize the Attack Surface. Apply the principles of Least Privilege and Defense in Depth and Economy of Mechanism. Canonicalize and validate all input. Encode and escape output within the correct context. Use encryption properly. Manage … Continue reading Real and useful security help for software developers

Commenting Server Controls in ASP.Net

How often do you just use an HTML comment to remove old code, or new functionality that isn't ready yet? Are HTML comments effective for ASP.Net server controls? From a pure development context, they probably are. When we factor in security, they no longer provide the functionality that was intended. This post will explain an … Continue reading Commenting Server Controls in ASP.Net

Bypassing ValidateRequest in ASP.NET

In this post, I am going to explain another technique that can be used to bypass the Validate Request filter in an html element context. This technique uses a different character encoding to bypass the blacklist checks that are done. To recap, ValidateRequest returns false when the following conditions are met: