HTTP RESPONSE AND OTHER METADATA
Distributed abnormally long request HTTP flood: a volumetric attack in which the attacker uses a botnet (“zombie army”). It brings down the...
The Origin header is sent by the browser in a CORS request and indicates the origin of the request. It may be spoofed outside the browser, so need...
A URL that contains a sensitive query parameter is stored in the browser history. The web application may be configured to log the URL of all requests....
An attacker sends a request of type "OPTIONS" to the web server of your application to determine what HTTP methods are supported by the...
It is possible to retrieve the source code of a server-side script, and it may also be possible to expose the business logic or sensitive...
Salt: A new salt (form of encryption) is randomly generated for each password. The salt and the password are concatenated and...
· Authentication is the process of verifying who you are. When you log on to a PC with a user name and password you are authenticating. ·...
Symmetric Encryption: Symmetric encryption is the best-known technique. It uses a secret key, which can be a number, word, or string of random...
Users want a facility to upload files. An attacker takes advantage of this facility to upload a malicious file. It has the potential to...
You can add input validation to Web Forms pages by using validation controls. To make sure that all the required parameters exist in a...
Denial-of-service attacks are the most common way to take websites and servers down. They are easy to launch and hard to protect against. The way to prevent...
It is also possible to pass the null character in the URL, which creates a vulnerability known as Null Byte Injection. In the URL it is...
CSRF attack protection for all pages that inherit from the site.master page. 1. All Web Forms pages that modify data use the site.master...
The form token causes a problem for AJAX requests: AJAX sends JSON data, not an HTML form, and because of this the form token is not validated...
Many web servers allow access control using HTTP methods, enabling access using one or more methods. The problem is that many...
Anti-Forgery Token: It helps to prevent CSRF attacks; ASP.NET MVC uses anti-forgery tokens. 1. The client requests an HTML page that contains a...
This type of attack requires an attacker to use JavaScript. The attacker gets a user to perform an undesired action by clicking on a...
It is nearly the same as normal SQL injection, but the difference is that it retrieves the data from the database. It asks a true and false...
Nowadays SQL injection is a common attack that uses malicious SQL code for database manipulation to access information. OR When...
Penetration is a process to inject, exploit and evaluate the vulnerability of a system. It includes scanning, auditing, risk assessment...