Does it support Response Manipulation, Strip Signature and XSW attacks? #1475

Open
redapplewithleaves opened this issue Oct 25, 2024 · 0 comments
@redapplewithleaves

Hello,

I've set up Sustainsys on my ASP.NET MVC application. My IT Security team tested the application and it failed a few essential security concerns.

Does Sustainsys support these features out of the box or did I misconfigure something?

  1. Response Manipulation - Response was manually manipulated by changing the value of an email and authentication was not validated
  2. Strip Signature - Signature was removed from the response and authentication was not validated
  3. XSW attacks - SQL injection attacks were passed and authentication was established.

I need to know where to start with these: is it my configuration settings or IDP settings, or do I have to handle these manually and it has nothing to do with Sustainsys?
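The second and third test cases in the post above concern what a service provider must refuse before it reads any claim. As an added example (not part of the issue and not Sustainsys code), this Python check lists structural reasons to reject a SAML response: a missing signature, a signature that does not reference the element carrying it, or the extra-assertion shape seen in XML Signature Wrapping (XSW). It assumes that cryptographic verification of the digest and signature value, which is what detects an edited value such as the email, is done separately by the SAML library; the sample documents and their IDs are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed samples. The signature value is a placeholder: this code checks
# document structure only and never verifies a signature cryptographically.
SIG = ('<ds:Signature><ds:SignedInfo><ds:Reference URI="#%s"/></ds:SignedInfo>'
       '<ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>')
ASRT = '<saml:Assertion ID="%s">%s<saml:Subject>%s</saml:Subject></saml:Assertion>'
RESP = ('<samlp:Response ID="r1" xmlns:samlp="%(samlp)s" xmlns:saml="%(saml)s" '
        'xmlns:ds="%(ds)s">' % NS) + '%s</samlp:Response>'

SIGNED = RESP % (ASRT % ("a1", SIG % "a1", "user@example.test"))
STRIPPED = RESP % (ASRT % ("a1", "", "user@example.test"))
# Wrapping shape: an unsigned assertion placed next to the signed one.
WRAPPED = RESP % (ASRT % ("a2", "", "other@example.test")
                  + ASRT % ("a1", SIG % "a1", "user@example.test"))


def structural_problems(xml_text):
    """Return reasons to reject a SAML response before any claim is read."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        return ["root element is not samlp:Response"]
    problems = []
    # Exactly one Assertion may exist anywhere, and it must sit under Response.
    assertions = list(root.iter("{%s}Assertion" % NS["saml"]))
    if len(assertions) != 1 or assertions[0] not in list(root):
        problems.append("expected exactly one Assertion, directly under Response")
    ids = [e.get("ID") for e in root.iter() if e.get("ID")]
    if len(ids) != len(set(ids)):
        problems.append("duplicate ID attribute")
    # A usable signature is a direct child of the element it covers and has a
    # single Reference pointing at that element's own ID.
    covered = False
    for owner in [root] + assertions[:1]:
        sig = owner.find("ds:Signature", NS)
        if sig is None:
            continue
        refs = sig.findall("ds:SignedInfo/ds:Reference", NS)
        oid = owner.get("ID")
        if oid and len(refs) == 1 and refs[0].get("URI") == "#" + oid:
            covered = True
        else:
            problems.append("signature does not reference its parent element")
    if not covered:
        problems.append("no signature covering the Response or the Assertion")
    return problems
```

An empty list means only that the structure is acceptable; the response is still untrusted until the signature itself verifies against the identity provider's certificate.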

@Sustainsys Sustainsys locked as off-topic and limited conversation to collaborators Nov 1, 2024