Add headers for all requests
Add this to your web.config
<system.webServer>
  <httpProtocol>
    <customHeaders>
      <clear />
      <!-- Strip headers that disclose the technology stack -->
      <remove name="X-AspNet-Version" />
      <remove name="X-AspNetMvc-Version" />
      <remove name="X-Powered-By" />
      <remove name="Server" />
      <!-- Add the browser hardening headers (one entry per header name) -->
      <add name="X-XSS-Protection" value="1; mode=block" />
      <add name="X-Content-Type-Options" value="nosniff" />
      <add name="Strict-Transport-Security" value="max-age=31536000" />
      <add name="X-Frame-Options" value="DENY" />
      <add name="Referrer-Policy" value="no-referrer" />
    </customHeaders>
  </httpProtocol>
</system.webServer>
Require Strong Passwords
Go to your AccountController, find the code that creates the PasswordValidator, and change it to something like this. Length is the most important thing to consider from a cryptographic complexity standpoint.
NOTE: 12 is the minimum required, but 16 is better to make it sufficiently time-consuming to hack.
manager.PasswordValidator = new PasswordValidator
{
    RequiredLength = 12,
    RequireNonLetterOrDigit = true,
    RequireDigit = true,
    RequireLowercase = true,
    RequireUppercase = true
};
Remove ASP.NET Technology Headers
In Global.asax add the following to the Application_Start() event.
MvcHandler.DisableMvcResponseHeader = true;
You will also need to add the following to the web.config
<system.web>
  <httpRuntime targetFramework="4.5.2" enableVersionHeader="false" />
</system.web>
Remove Server Info from headers
Add the following to Global.asax.cs
// Runs just before the response headers are sent; removes the Server header.
protected void Application_PreSendRequestHeaders()
{
    if (HttpContext.Current != null)
    {
        HttpContext.Current.Response.Headers.Remove("Server");
    }
}
Also read through the security issues that require reviewing your code and perhaps some knowledge of how your application is written.
Restrict origin of anything loaded
To be extra safe, look at creating a whitelist of which stylesheets, scripts, etc. can be loaded. This will take some digging on your site, but is probably worth the effort.
There is a NuGet package that does some of this. It looks to be a better choice, as it works per controller, etc. and explains how to use it.
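One way to apply such a whitelist per controller with a Content-Security-Policy header, as an added example (not code from the original post or from the NuGet package it mentions). The attribute name, its properties and the cdn.example.com host are hypothetical.

```csharp
using System;
using System.Linq;
using System.Web.Mvc;

// Added example: hypothetical attribute, not from the post or any NuGet package.
// Assumes the IIS integrated pipeline (needed to write Response.Headers).
public sealed class ContentSecurityPolicyAttribute : ActionFilterAttribute
{
    // Space-separated extra origins per resource type; 'self' is always allowed.
    public string ScriptSources { get; set; }
    public string StyleSources { get; set; }
    public string ImageSources { get; set; }
    // True while inventorying the site: browsers report violations, block nothing.
    public bool ReportOnly { get; set; }

    public static string BuildPolicy(string scripts, string styles, string images)
    {
        return string.Join("; ", new[]
        {
            "default-src 'self'",
            Directive("script-src", scripts),
            Directive("style-src", styles),
            Directive("img-src", images),
            "object-src 'none'",
            "base-uri 'self'",
            "frame-ancestors 'none'" // same intent as X-Frame-Options: DENY
        });
    }

    private static string Directive(string name, string extraSources)
    {
        var sources = (extraSources ?? string.Empty)
            .Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
        // Refuse values that could smuggle in another directive or header line.
        if (sources.Any(s => s.IndexOfAny(new[] { ';', ',', '\r', '\n' }) >= 0))
            throw new ArgumentException("Invalid source in " + name);
        return (name + " 'self' " + string.Join(" ", sources)).TrimEnd();
    }

    public override void OnResultExecuting(ResultExecutingContext filterContext)
    {
        var header = ReportOnly
            ? "Content-Security-Policy-Report-Only" : "Content-Security-Policy";
        filterContext.HttpContext.Response.Headers[header] =
            BuildPolicy(ScriptSources, StyleSources, ImageSources);
        base.OnResultExecuting(filterContext);
    }
}
// [ContentSecurityPolicy(ScriptSources = "https://cdn.example.com")] // placeholder host
```

Running with ReportOnly = true first lets you find every origin the site really loads from before the policy starts blocking anything.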
X-Frame-Options
MVC5 will add the X-Frame-Options header by default. If you want to remove it and make it DENY, you will need to add the following line to your Application_Start() method in Global.asax.cs:
System.Web.Helpers.AntiForgeryConfig.SuppressXFrameOptionsHeader = true;
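A check for the header settings in the sections above, as an added example (not code from the original post). The hypothetical HeaderAudit class reads a pasted response-header block and reports technology headers that still leak, hardening headers that are missing or carry a different value, and duplicates such as a second X-Frame-Options left by the MVC5 default; the sample response is constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Added example: hypothetical helper, not part of the original post.
public static class HeaderAudit
{
    // Headers the steps above are meant to strip.
    static readonly string[] MustBeAbsent =
        { "Server", "X-Powered-By", "X-AspNet-Version", "X-AspNetMvc-Version" };
    // Headers and values set by the customHeaders section above.
    static readonly Dictionary<string, string> MustEqual = new Dictionary<string, string>
    {
        { "X-XSS-Protection", "1; mode=block" },
        { "X-Content-Type-Options", "nosniff" },
        { "Strict-Transport-Security", "max-age=31536000" },
        { "X-Frame-Options", "DENY" },
        { "Referrer-Policy", "no-referrer" }
    };
    // Takes a raw header block ("Name: value" per line) and returns the findings.
    public static List<string> Check(string rawHeaders)
    {
        var seen = rawHeaders
            .Split(new[] { "\r\n", "\n" }, StringSplitOptions.RemoveEmptyEntries)
            .Where(line => line.Contains(":"))
            .Select(line => line.Split(new[] { ':' }, 2))
            .ToLookup(p => p[0].Trim(), p => p[1].Trim(), StringComparer.OrdinalIgnoreCase);
        var findings = MustBeAbsent.Where(n => seen.Contains(n))
            .Select(n => "LEAK " + n + ": " + string.Join(", ", seen[n])).ToList();
        foreach (var want in MustEqual)
        {
            var values = seen[want.Key].ToList();
            if (values.Count == 0) findings.Add("MISSING " + want.Key);
            else if (values.Count > 1) findings.Add("DUPLICATE " + want.Key);
            else if (!values[0].Equals(want.Value, StringComparison.OrdinalIgnoreCase))
                findings.Add("VALUE " + want.Key + ": " + values[0]);
        }
        return findings;
    }
    public static void Main()
    {
        // Constructed sample, shaped like the output of `curl -sI`.
        var sample = "HTTP/1.1 200 OK\nServer: Microsoft-IIS/10.0\n"
            + "X-Content-Type-Options: nosniff\nReferrer-Policy: no-referrer\n"
            + "X-Frame-Options: SAMEORIGIN\nX-Frame-Options: DENY\n"
            + "Strict-Transport-Security: max-age=31536000\n";
        Check(sample).ForEach(Console.WriteLine);
    }
}
```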