Yugesh Naid

ASP.NET Web application did not enforce a content security

Jul 2 2017 4:48 PM

Hi

I have a security issue on my web application.

My ASP.NET Web application did not enforce a content security policy. This could potentially allow an attacker to insert malicious, executable content into the application's responses.

CSP is currently supported by most modern browsers, with the exception of Internet Explorer, which only offers partial support from version 10. The following browser versions have full support:

* Firefox - 23+

* Chrome - 25+

* Safari - 7+

The application did not include the CSP header in its responses. As such, an attacker could potentially insert crafted content, such as malicious JavaScript or CSS, which could result in XSS or CSS injection attacks on the application's users.

How can I prevent that?

Below are the technologies I am using:

C#.NET, ASP.NET, SQL Server 2008 R2, JavaScript.

Please assist me.

Thanks.
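
The finding above comes down to responses leaving the server without a `Content-Security-Policy` header. As an added example (not part of the original post), one way to send it from ASP.NET on .NET Framework 4.0 or later is an `IHttpModule`; the module name, the `csp-nonce` item key and the policy values are assumptions to adapt to the application.

```csharp
using System;
using System.Security.Cryptography;
using System.Web;

// Hypothetical module name. Assuming the class lives in App_Code with no
// namespace, register it in web.config under <system.webServer><modules> as
//   <add name="CspHeaderModule" type="CspHeaderModule" />
public sealed class CspHeaderModule : IHttpModule
{
    // Key under which pages can read the per-request nonce (assumed name).
    public const string NonceKey = "csp-nonce";

    public void Init(HttpApplication app)
    {
        // Set the header early so it is present on every response,
        // including error pages produced later in the pipeline.
        app.BeginRequest += OnBeginRequest;
    }

    private static void OnBeginRequest(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;

        // Fresh, unpredictable nonce for every response.
        byte[] raw = new byte[16];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(raw);
        }
        string nonce = Convert.ToBase64String(raw);

        // Pages emit <script nonce="..."> using this value for any
        // inline script they legitimately need.
        ctx.Items[NonceKey] = nonce;

        // Example policy (assumption: scripts, styles and images are all
        // served from the application's own origin).
        string policy = string.Join("; ", new[]
        {
            "default-src 'self'",
            "script-src 'self' 'nonce-" + nonce + "'",
            "style-src 'self'",
            "object-src 'none'",
            "base-uri 'self'",
            "frame-ancestors 'none'"
        });

        ctx.Response.AddHeader("Content-Security-Policy", policy);
    }

    public void Dispose() { }
}
```

This policy blocks inline scripts that lack the nonce as well as inline event handlers, so sending the same value under the `Content-Security-Policy-Report-Only` header first shows what would break before it is enforced.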


Answers (1)