摘要:
Abstract: No transport or message security has been defined. Explanation: Applications that transmit messages without transport or message security cannot guarantee the integrity or confidentiality of... 阅读全文
摘要:
Abstract: The program is configured not to generate an exception when it fails to write to an audit log. Explanation: If WCF is configured not to throw an exception when it is unable to write to an au... 阅读全文
摘要:
Abstract: An overly long authentication timeout gives attackers more time to potentially compromise user accounts. Explanation: The longer a session stays open, the larger the window of opportunity an... 阅读全文
摘要:
Abstract: An ASP .NET application must enable custom error pages in order to prevent attackers from mining information from the framework's built-in error responses. Explanation: ASP .NET applications... 阅读全文
摘要:
Abstract: Use the ASP.NET validation framework to prevent vulnerabilities that result from unchecked input. Explanation: Unchecked input is the leading cause of vulnerabilities in ASP.NET applications... 阅读全文
摘要:
Abstract: Debugging messages help attackers learn about the system and plan a form of attack. Explanation: ASP .NET applications can be configured to produce debug binaries. These binaries give detail... 阅读全文
摘要:
Abstract: The web.config file does not include the required header to mitigate MIME sniffing attacks Explanation: MIME sniffing, is the practice of inspecting the content of a byte stream to attempt t... 阅读全文
摘要:
Abstract: The program does not set the HttpCookie.HttpOnly property to true. Explanation: The default value for the httpOnlyCookies attribute is false, meaning that the cookie is accessible through a ... 阅读全文
摘要:
This topic demonstrates how to convert various Visual C++ string types into other strings. The strings types that are covered includechar *,wchar_t*,_bstr_t,CComBSTR,CString,basic_string, and... 阅读全文