From the course: ASP.NET: Security

Hiding server information

- HTTP is a text-based protocol and, as such, very readable, or, from an attacker's point of view, very revealing at times. Look at the screenshot I took from an ASP.NET web application using the browser developer tools. These are parts of the HTTP headers the server sends in the HTTP response. Two of them provide maybe too much information, because the browser doesn't need this piece of information. First of all, which server is being used, in this Server header, and also which server-side framework is used. Actually, in older versions of ASP.NET MVC, the MVC framework version was also part of that output. We would like to get rid of those, and maybe some other revealing HTTP headers, but we do not get this automatically by default. We have to configure it into the application, and I'll show you how this is done. Once again, we have to go into our web.config file and do some settings there. First of all, system.webServer is responsible if you are using IIS; there, httpProtocol, customHeaders…
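An added example, not part of the course material: a small Python check that reads a web.config and reports which revealing response headers it still leaves enabled. Both sample configs are constructed, and the settings checked (`enableVersionHeader`, a `<remove>` entry for `X-Powered-By`, and `removeServerHeader`, which requires IIS 10 or later) are the standard IIS/ASP.NET settings, assumed here rather than taken from the transcript; the function name is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a web.config with the header-hiding settings applied.
HARDENED = """<configuration>
  <system.web>
    <httpRuntime enableVersionHeader="false" />
  </system.web>
  <system.webServer>
    <security>
      <requestFiltering removeServerHeader="true" />
    </security>
    <httpProtocol>
      <customHeaders>
        <remove name="X-Powered-By" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>"""

# Constructed sample: a web.config that leaves every default in place.
DEFAULT = "<configuration><system.web><httpRuntime /></system.web></configuration>"


def revealing_headers(web_config_xml):
    """Return the revealing response headers this web.config does not suppress."""
    root = ET.fromstring(web_config_xml)  # assumes <configuration> has no XML namespace
    leaks = []

    # X-AspNet-Version is sent unless httpRuntime sets enableVersionHeader="false".
    runtime = root.find("system.web/httpRuntime")
    if runtime is None or runtime.get("enableVersionHeader", "true").lower() != "false":
        leaks.append("X-AspNet-Version")

    # X-Powered-By is inherited from IIS unless customHeaders removes or clears it.
    custom = root.find("system.webServer/httpProtocol/customHeaders")
    removed = set()
    if custom is not None:
        removed = {r.get("name", "").lower() for r in custom.findall("remove")}
    cleared = custom is not None and custom.find("clear") is not None
    if not cleared and "x-powered-by" not in removed:
        leaks.append("X-Powered-By")

    # Server is sent unless requestFiltering sets removeServerHeader="true" (IIS 10+).
    filtering = root.find("system.webServer/security/requestFiltering")
    if filtering is None or filtering.get("removeServerHeader", "false").lower() != "true":
        leaks.append("Server")
    return leaks
```

The older `X-AspNetMvc-Version` header is not covered here because it is switched off in code (`MvcHandler.DisableMvcResponseHeader = true` at application start), not in web.config.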
