zoukankan      html  css  js  c++  java
  • ASP.NET Misconfiguration: Request Validation Disabled

    Abstract:

    Use the ASP.NET validation framework to prevent vulnerabilities that result from unchecked input.

    Explanation:

    Unchecked input is the leading cause of vulnerabilities in ASP.NET applications. Unchecked input leads to cross-site scripting,

    process control, and SQL injection vulnerabilities, among others.

    To prevent such attacks, use the ASP.NET validation framework to check all program input before it is processed by the

    application.

    Example uses of the validation framework include checking to ensure that:

    - Phone number fields contain only valid characters in phone numbers

    - Boolean values are only "T" or "F"

    - Free-form strings are of a reasonable length and composition

    Recommendations:

    Although validation is on by default, you should make this explicit to prevent confusion by enabling the validation framework in

    your Web.config file. An example of a typical setup is:

    <configuration>

    <system.web>

    <pages validateRequest="true" />

    </system.web>

    </configuration>

  • 相关阅读:
    Java中抽象类和接口的区别(abstract class VS interface)
    ECUST_Algorithm_2019_4
    ECUST_Algorithm_2019_3
    杂题
    ECUST_Algorithm_2019_2
    Magolor的数据结构作业
    ECUST_Algorithm_2019_1
    atcoder 泛做
    2018中国大学生程序设计竞赛
    UVA
  • 原文地址:https://www.cnblogs.com/time-is-life/p/6203042.html
Copyright © 2011-2022 走看看