WCF Misconfiguration: Security Not Enabled
摘要:Abstract: No transport or message security has been defined. Explanation: Applications that transmit messages without transport or message security cannot guarantee the integrity or confidentiality of...
阅读全文
posted @
2016-12-20 16:29
今夜太冷
阅读(753)
推荐(0) 编辑
WCF Misconfiguration: Insufficient Audit Failure Handling
摘要:Abstract: The program is configured not to generate an exception when it fails to write to an audit log. Explanation: If WCF is configured not to throw an exception when it is unable to write to an au...
阅读全文
posted @
2016-12-20 16:21
今夜太冷
阅读(617)
推荐(0) 编辑
ASP.NET Misconfiguration: Excessive Session Timeout
摘要:Abstract: An overly long authentication timeout gives attackers more time to potentially compromise user accounts. Explanation: The longer a session stays open, the larger the window of opportunity an...
阅读全文
posted @
2016-12-20 16:15
今夜太冷
阅读(557)
推荐(0) 编辑
ASP.NET Misconfiguration: Missing Error Handling
摘要:Abstract: An ASP .NET application must enable custom error pages in order to prevent attackers from mining information from the framework's built-in error responses. Explanation: ASP .NET applications...
阅读全文
posted @
2016-12-20 16:08
今夜太冷
阅读(587)
推荐(0) 编辑
ASP.NET Misconfiguration: Request Validation Disabled
摘要:Abstract: Use the ASP.NET validation framework to prevent vulnerabilities that result from unchecked input. Explanation: Unchecked input is the leading cause of vulnerabilities in ASP.NET applications...
阅读全文
posted @
2016-12-20 16:06
今夜太冷
阅读(630)
推荐(0) 编辑
ASP.NET Misconfiguration: Debug Information
摘要:Abstract: Debugging messages help attackers learn about the system and plan a form of attack. Explanation: ASP .NET applications can be configured to produce debug binaries. These binaries give detail...
阅读全文
posted @
2016-12-20 16:01
今夜太冷
阅读(984)
推荐(0) 编辑
MIME Sniffing
摘要:Abstract: The web.config file does not include the required header to mitigate MIME sniffing attacks Explanation: MIME sniffing, is the practice of inspecting the content of a byte stream to attempt t...
阅读全文
posted @
2016-12-20 15:22
今夜太冷
阅读(1209)
推荐(0) 编辑
web.config中的HttpCookie.HttpOnly属性
摘要:Abstract: The program does not set the HttpCookie.HttpOnly property to true. Explanation: The default value for the httpOnlyCookies attribute is false, meaning that the cookie is accessible through a ...
阅读全文
posted @
2016-12-20 14:45
今夜太冷
阅读(1994)
推荐(0) 编辑
How to: Convert Between Various String Types
摘要:This topic demonstrates how to convert various Visual C++ string types into other strings. The strings types that are covered includechar *,wchar_t*,_bstr_t,CComBSTR,CString,basic_string, and...
阅读全文
posted @
2016-12-20 10:55
今夜太冷
阅读(201)
推荐(0) 编辑
Web API的Log问题
摘要:建立了一个Web API项目,在WebApiConfig.cs中已经启用了Tracing. config.EnableSystemDiagnosticsTracing(); 同时web.config中也已经配置了TextWriter. ...
阅读全文
posted @
2016-12-09 16:12
今夜太冷
阅读(800)
推荐(0) 编辑
代码中AggregateException的处理
摘要:在async方法中,发生一个异常时,代码并不会直接跳到catch语句中去,而是继续执行,所以到最后catch语句中得到的错误信息是one or more exceptions occurs… 这样的设计给我们带来了麻烦就是传统的try/catch方法得到的无法得到具体的错误信息。 【解决方法】 在catch语句中记录错误信息 if (e is Ag...
阅读全文
posted @
2016-12-07 16:56
今夜太冷
阅读(5746)
推荐(1) 编辑
