
The following code will allow you to prevent unvalidated redirects and forwards in ASP.NET.

How to Fix Unvalidated Redirects and Forwards

Posted by Abhilash On May - 2 - 2012 0 Comment

An unvalidated redirect allows an attacker to exploit the trust a user has in a particular domain by using it as a stepping stone to another arbitrary, likely malicious, site. An unvalidated forward allows an attacker's request to be forwarded past security checks, giving unauthorized access to functions or data. Fixing Unvalidated Redirects and Forwards in ASP.NET [...]
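The fix the post describes is to validate the redirect target before issuing the redirect. The following is an added example in Python rather than the post's own ASP.NET code: it accepts only same-site paths or absolute URLs whose host is on an allow-list, and it rejects the usual bypasses (protocol-relative `//evil.com`, the backslash variant `/\evil.com`, embedded tab/newline characters, and `https://www.example.com@evil.com`-style userinfo tricks). The allow-list hosts are an assumption for the example.

```python
"""Validate a user-supplied redirect target before putting it in a Location header.

Added example (not the original post's ASP.NET code). ALLOWED_HOSTS and the
targets used in the tests are constructed for the demonstration.
"""
from urllib.parse import urlsplit

# Hosts this application is willing to redirect to (assumed for the example).
ALLOWED_HOSTS = {"www.example.com", "accounts.example.com"}
FALLBACK = "/"


def is_local_url(url: str) -> bool:
    """True only for a path on this site.

    Must start with a single '/', must not be protocol-relative ('//evil.com')
    or the backslash form ('/\\evil.com', which browsers treat the same way),
    and must contain no control characters (browsers strip tabs and newlines,
    so '/\\t/evil.com' would become '//evil.com').
    """
    if not url or url[0] != "/":
        return False
    if len(url) > 1 and url[1] in "/\\":
        return False
    if any(ord(c) < 0x20 for c in url):
        return False
    return True


def is_allowed_absolute(url: str) -> bool:
    """Absolute http(s) URL whose host is on the allow-list."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False
    # .hostname strips userinfo and port, so 'https://www.example.com@evil.com'
    # yields 'evil.com' and is rejected.
    host = parts.hostname
    return host is not None and host.lower() in ALLOWED_HOSTS


def safe_redirect_target(url: str) -> str:
    """Return the requested target if it passes validation, else the fallback."""
    if is_local_url(url) or is_allowed_absolute(url):
        return url
    return FALLBACK
```

Anything that fails validation falls back to the site root rather than being "cleaned up"; rewriting attacker input into something acceptable is where most redirect filters go wrong.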

How to Fix Insecure Cryptographic Storage

Posted by Abhilash On May - 1 - 2012 0 Comment

Password hashing is the first step towards protecting passwords before storing them in the database. Passwords should be stored only as hashes, never in plaintext or in a reversible form, and other sensitive data such as credit card information should be encrypted, so that in the event of a database compromise such information is still protected. To make the hashing stronger it is recommended to add a salt to the password string. Salting makes password guessing harder, and precomputed tables become impractical if the salt is large and random enough. Fixing Insecure Cryptographic Storage [...]

How to Fix Cross-site Request Forgery Vulnerability

Posted by Abhilash On May - 1 - 2012 0 Comment

Cross-Site Request Forgery (CSRF) is an attack that allows an attacker to perform an action on the vulnerable site on behalf of the victim. The attack is possible when the vulnerable site does not properly validate the origin of the request. The attack is performed by forcing the victim's browser to issue an HTTP request to the vulnerable site. If the user is currently logged in to the vulnerable site, the request will automatically carry the user's credentials (like session cookies, [...]
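The standard fix is the synchronizer token pattern: the server stores a random token in the user's session, embeds it in every state-changing form, and rejects any POST that does not echo it back. Because the token lives in page content, a page on the attacker's origin cannot read it, even though the browser will still attach the session cookie. Below is an added example in Python (not the post's code); the `Session` and `Request` classes are constructed stand-ins for a web framework's objects.

```python
"""Synchronizer-token CSRF protection.

Added example, not the original post's code. Session and Request are
minimal stand-ins for framework objects, constructed for the demonstration.
"""
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict


@dataclass
class Session:
    user: str
    # One unguessable token per session, created when the session is.
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    method: str
    form: Dict[str, str]
    session: Session   # present because the browser sent the session cookie


class CsrfError(Exception):
    pass


def render_transfer_form(session: Session) -> str:
    """Embed the session's token in a hidden field of the legitimate form."""
    return ('<form method="post" action="/transfer">'
            f'<input type="hidden" name="csrf_token" value="{session.csrf_token}">'
            '</form>')


def check_csrf(request: Request) -> None:
    """Reject state-changing requests that lack the session's token."""
    if request.method in ("GET", "HEAD", "OPTIONS"):
        return  # safe methods must not change state, so they need no token
    submitted = request.form.get("csrf_token", "")
    if not hmac.compare_digest(submitted, request.session.csrf_token):
        raise CsrfError("missing or invalid CSRF token")


def transfer(request: Request, to: str, amount: int) -> str:
    """A state-changing endpoint guarded by the token check."""
    check_csrf(request)
    return f"{request.session.user} sent {amount} to {to}"
```

The forged request in the test has a valid session (the cookie rode along) but no token, which is exactly the situation CSRF relies on; the token check is what turns "the cookie was sent" into "the user's own page submitted this".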

Applications often reference an object such as a file to generate a web page. A simple example is when a user requests his mobile bill and the application fetches it from the server and displays it on his screen. Applications do not always verify that the user is authorized for the target object. This results in an insecure direct object reference flaw. An attacker can easily manipulate parameter values and gain access to other users' details. If you must expose direct references to database structures, ensure [...]
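Two complementary fixes for the bill example in the excerpt, shown as an added Python example (not the post's code): an indirect reference map that hands the browser random per-user tokens instead of sequential database ids, and an ownership check on the real id before anything is returned. The bills table and user names are constructed sample data; the vulnerable `fetch_bill_direct` is included only to show the flaw.

```python
"""Insecure direct object reference: vulnerable lookup beside the fixed one.

Added example, not the original post's code. BILLS and the user names are
constructed sample data.
"""
import secrets
from typing import Dict, List, Optional

# Constructed sample data: bill id -> (owner, contents)
BILLS: Dict[int, tuple] = {
    1001: ("alice", "Alice March bill"),
    1002: ("bob", "Bob March bill"),
    1003: ("alice", "Alice April bill"),
}


class AccessDenied(Exception):
    pass


def fetch_bill_direct(bill_id: int) -> str:
    """VULNERABLE: the id comes straight from the request and nobody asks
    whether the caller owns bill 1002 rather than 1001."""
    return BILLS[bill_id][1]


class ReferenceMap:
    """Per-user map between random tokens and real ids.

    The browser only ever sees the tokens, so there is nothing sequential to
    enumerate, and a token minted for one user is meaningless in another
    user's map.
    """

    def __init__(self) -> None:
        self._to_id: Dict[str, int] = {}
        self._to_ref: Dict[int, str] = {}

    def ref_for(self, real_id: int) -> str:
        if real_id not in self._to_ref:
            ref = secrets.token_urlsafe(12)
            self._to_ref[real_id] = ref
            self._to_id[ref] = real_id
        return self._to_ref[real_id]

    def id_for(self, ref: str) -> Optional[int]:
        return self._to_id.get(ref)


def list_bills(user: str, refmap: ReferenceMap) -> List[str]:
    """Tokens for the caller's own bills, in a stable order."""
    return [refmap.ref_for(bid) for bid, (owner, _) in sorted(BILLS.items())
            if owner == user]


def fetch_bill(user: str, refmap: ReferenceMap, ref: str) -> str:
    """FIXED: resolve the token, then still check ownership on the real id."""
    bill_id = refmap.id_for(ref)
    if bill_id is None:
        raise AccessDenied("unknown reference")
    owner, contents = BILLS[bill_id]
    if owner != user:
        raise AccessDenied("not your bill")
    return contents
```

The ownership check is kept even though the map already scopes tokens per user: if the map is ever shared or cached across users, the second check is what still stands between the attacker and someone else's bill.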

Fixing SQL Injection in Hibernate

Posted by Abhilash On May - 1 - 2012 0 Comment

Note: This post is part of our series on "How to Fix SQL Injection Vulnerabilities". The series contains examples on how to fix SQL Injection vulnerabilities in various programming languages. An SQL Injection attack is a code injection attack in which input from an attacker reaches one of your databases without any filtering or validation. As a result, a malicious user can execute read, write, delete or update queries against your database. In addition to this he can also [...]

How to Fix SQL Injection Vulnerabilities

Posted by Yash On May - 24 - 2011 0 Comment

For most organizations their database is the heart of their operation (or at least the kidney). Banks, shopping portals, payment gateways, news portals and even corporate CRM/SAP systems all depend upon the database to fetch information, facilitate transactions and store user information. Millions of transactions happen every day on any leading online air ticket booking site. What happens when the critical data that runs your business is not safe anymore? What if an unauthorized person gets access to your database [...]