There is a bug in RemoveServerHeader for IIS 10+ as documented here. I documented the new attribute in IIS 10 here back in March 2018. The description of the bug states: The new removeServerHeader boolean property added in IIS 10 does not work for the very first request to a web application. If you fresh start/restart… Read More »
HTTP headers leak technical information to potential attackers about a system. To harden the security of an application you need to disclose as little information about a system as possible. In this post I will show to remove the Asp.net version from HTTP server header responses.
Securing a website with HTTPS in Asp.net core is a bit different than with normal asp.net in IIS. In this post I will show to configure asp.net core so that it uses HTTPS.
When it comes to access control in asp.net we are all familiar with the access control elements found in the web.config. Below I will cover the best way to secure a website with the authorization element?
Custom error pages are used to hide technical information from end users. Often default error pages can leak technical information to potential attackers. In this post Ill show how to implement custom error pages for IIS and Asp.net to assist with hardening the security of a system.
TLS 1.3 is out and its time to take note and plan the retirement of TLS 1.2.
HTTP headers leak technical information to potential attackers about a system. To harden the security of an application you need to disclose as little information about a system as possible.
GDPR or General Data Protection Regulation is a European law relating to the security and data privacy of an individuals information relating to his identity. The law will come in effect on 25 May 2018.
Complex password validation Our team had to build a regular expression for a client to password validation and it had the following requirements. Below is the expression for anyone that needs anything like this. Hopefully I safe someone some time.