摘要:
Abstract: No transport or message security has been defined. Explanation: Applications that transmit messages without transport or message security cannot guarantee the integrity or confidentiality of...
阅读全文
posted @ 2016-12-20 16:29
今夜太冷
阅读(735)
推荐(0)
编辑
摘要:
Abstract: The program is configured not to generate an exception when it fails to write to an audit log. Explanation: If WCF is configured not to throw an exception when it is unable to write to an au...
阅读全文
posted @ 2016-12-20 16:21
今夜太冷
阅读(603)
推荐(0)
编辑
摘要:
Abstract: An overly long authentication timeout gives attackers more time to potentially compromise user accounts. Explanation: The longer a session stays open, the larger the window of opportunity an...
阅读全文
posted @ 2016-12-20 16:15
今夜太冷
阅读(552)
推荐(0)
编辑
摘要:
Abstract: An ASP .NET application must enable custom error pages in order to prevent attackers from mining information from the framework's built-in error responses. Explanation: ASP .NET applications...
阅读全文
posted @ 2016-12-20 16:08
今夜太冷
阅读(571)
推荐(0)
编辑
摘要:
Abstract: Use the ASP.NET validation framework to prevent vulnerabilities that result from unchecked input. Explanation: Unchecked input is the leading cause of vulnerabilities in ASP.NET applications...
阅读全文
posted @ 2016-12-20 16:06
今夜太冷
阅读(607)
推荐(0)
编辑
摘要:
Abstract: Debugging messages help attackers learn about the system and plan a form of attack. Explanation: ASP .NET applications can be configured to produce debug binaries. These binaries give detail...
阅读全文
posted @ 2016-12-20 16:01
今夜太冷
阅读(973)
推荐(0)
编辑
摘要:
Abstract: The web.config file does not include the required header to mitigate MIME sniffing attacks Explanation: MIME sniffing, is the practice of inspecting the content of a byte stream to attempt t...
阅读全文
posted @ 2016-12-20 15:22
今夜太冷
阅读(1188)
推荐(0)
编辑
摘要:
Abstract: The program does not set the HttpCookie.HttpOnly property to true. Explanation: The default value for the httpOnlyCookies attribute is false, meaning that the cookie is accessible through a ...
阅读全文
posted @ 2016-12-20 14:45
今夜太冷
阅读(1964)
推荐(0)
编辑
摘要:
This topic demonstrates how to convert various Visual C++ string types into other strings. The strings types that are covered includechar *,wchar_t*,_bstr_t,CComBSTR,CString,basic_string, and...
阅读全文
posted @ 2016-12-20 10:55
今夜太冷
阅读(197)
推荐(0)
编辑