As penetration testers, there are many different technologies that we have to be familiar with. The more we know and understand about a given technology, the better our test will be for our customers. ASP.Net is no exception. A recent post “ViewState XSS: What’s the Deal?” found at (http://www.jardinesoftware.net/2012/09/17/viewstate-xss-whats-the-deal/) provides good insight into an attack vector used against ASP.Net’s View State functionality. The post demonstrates how an attacker/tester can test for cross-site scripting vulnerabilities by tampering with the view state parameter. As the post indicates, there are a lot of factors that go into this attack vector. The information provided can help determine if this attack vector may be possible.
The full post can be found at: http://www.jardinesoftware.net/2012/09/17/viewstate-xss-whats-the-deal/
Professionally Evil Insights Blog Post
Blogs by experts of penetration testing and other security assessments.
Secure Ideas believes that security is a team sport, and we are constantly striving to improve our skills and knowledge so that we can better protect our clients. We are also committed to sharing our expertise with the wider community through training, speaking engagements, and blog posts such as these.
For more information about the above topic, or other security questions, please Contact Us. We are happy to discuss your specific needs and how we can help you achieve your security goals.