Jim's Blog: Ramblings about novels, comics, programming, and other geek topics

12Jul/110

Securing ASP.NET Web Sites: Form Caching

What is "Form Caching Vulnerability"?

The Form Caching Vulnerability allows sensitive form fields to be cached and retrieved by another user on the same client.

CWE-525: Information Exposure Through Browser Caching

12Jul/110

Securing ASP.NET Web Sites: Cookie Vulnerabilities

This is the first of my series on securing ASP.NET web sites. As I work through various vulnerabilities, I’ll document instructions for fellow web developers in hopes that we can help build more secure web applications. The Cookie Vulnerability falls under the common vulnerability name of "Broken Authentication and Session Management."

What is "Broken Authentication and Session Management"?

This cookie vulnerability is OWASP 2010 A3. You can read more at Top 10 2010-A3-Broken Authentication and Session Management. The threat arises when application functions related to authentication and session management are not implemented correctly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users’ identities.