Tag Archives: Security

ASP.NET Session and Forms Authentication

The title can be misleading, because in concept, one is not related to the other.  However, a lot of web applications mix them up, causing bugs that are hard to troubleshoot, and, at worst, causing security vulnerabilities. A little bit … Continue reading

Posted in ASP.NET | Tagged | 9 Comments

Yet Another Take on the Padding Oracle Exploit Against ASP.NET

Or an example Padding Oracle attack in 100 lines of C# code. This post has been in my outbox for weeks, since I did not want to make it generally available before the patches were released.  Now that the patches … Continue reading

Posted in ASP.NET | Tagged , | 1 Comment