Dr. Drew Hwang, CIS, Cal Poly Pomona
Secure Web Development
Misconfiguration
Introduction
Secure configuration can be defined, in a broader sense, for the web application, web framework, web server, database server, application server, firewall and platform.
For web development it mainly means the security settings that must be deployed for the web applications to run safely. Security misconfiguration, on the other hand,
means that the web applications are not configured correctly against possible security vulnerabilities.
OWASP Risk Profile (source: OWASP)
ASP.NET Configurations
Source: Code Project
Encrypt sensitive configuration data in web.config.
Error message and trace (debugging) information
Enable the cookie property called HttpOnly through the httpOnlyCookies attribute of <httpCookies>; the setting <httpCookies httpOnlyCookies="false"> leaves it off.
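As an added example, not taken from the course page or the Code Project source, the following web.config fragment applies the three items above. The AppDb connection string, the /MyApp application path and the ~/Error.aspx page are placeholder names; each weak setting appears in the comment directly before its corrected line.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example: hardened ASP.NET web.config. Placeholder names: AppDb, /MyApp, ~/Error.aspx -->
<configuration>
  <!-- Sensitive data such as connection strings stays in clear text unless the
       section is encrypted. The standard tool for that is aspnet_regiis, run on
       the server that hosts the application:
         aspnet_regiis -pe "connectionStrings" -app "/MyApp"
       After encryption this section carries a configProtectionProvider attribute
       and an EncryptedData child instead of the readable connectionString. -->
  <connectionStrings>
    <add name="AppDb"
         connectionString="Server=db;Database=app;User Id=app;Password=PLACEHOLDER"
         providerName="System.Data.SqlClient" />
  </connectionStrings>

  <system.web>
    <!-- Weak: <compilation debug="true" /> ships debug symbols and detailed
         stack traces to the client. -->
    <compilation debug="false" />

    <!-- Weak: <customErrors mode="Off" /> returns raw exception detail to every
         client. RemoteOnly keeps full detail for local developers only and sends
         remote users to a generic error page. -->
    <customErrors mode="RemoteOnly" defaultRedirect="~/Error.aspx" />

    <!-- Weak: <trace enabled="true" localOnly="false" /> exposes trace.axd, with
         request and session data, to remote users. -->
    <trace enabled="false" localOnly="true" />

    <!-- Weak: <httpCookies httpOnlyCookies="false" /> lets client-side script read
         cookies such as the session ID. requireSSL keeps them off plain HTTP. -->
    <httpCookies httpOnlyCookies="true" requireSSL="true" />
  </system.web>
</configuration>
```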