Entries by AppSec Labs

Setting the HttpOnly Flag – Java

For older versions of servlet: add the following on cookie creation. For servlet version 3.0 or later: add the following lines into the web.xml file. Reference: https://www.owasp.org/index.php/HttpOnly#Using_Java_to_Set_HttpOnly

Clickjacking

Description: Clickjacking, also known as a UI Redress Attack, is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on what they can see, which is the top-level page. This is a malicious technique […]

Clickjacking – ASP.NET Secure Coding

Method #1: Adding the X-Frame-Options in HTTP header. Add the code to the Application_BeginRequest method of the global.asax file. Method #2: Including frame busting code. References: http://technet.microsoft.com/en-us/security/cc242650 http://blogs.msdn.com/b/sdl/archive/2009/02/05/clickjacking-defense-in-i…

Clickjacking protection in IIS7

Configure IIS to prevent Clickjacking. Follow these steps: Open Internet Information Services (IIS) Manager. In the Connections pane on the left side, expand the Sites folder and select the site that you want to protect. Double-click the HTTP Response Headers icon in the feature list in the middle. In the Actions pane […]

Prevention of Web Page Caching – PHP

Method: Add the following code to the page to prevent the page from being cached. Reference: http://wiki.asp.net/page.aspx/1487/prevent-browser-caching-of-web-pages-… https://www.owasp.org/index.php/Testing_for_Logout_and_Browser_Cache_Man…(OWASP-AT-007)

Prevention of Web Page Caching – ASP.NET

Method: Add the following code to the page to prevent the page from being cached: Reference: http://support.microsoft.com/kb/234067 http://wiki.asp.net/page.aspx/1487/prevent-browser-caching-of-web-pages-… http://msdn.microsoft.com/en-us/library/ms178606(v=vs.100).aspx http://support.microsoft.com/kb/q222064

Web Page Caching

Description: Caching improves the user browsing experience by reducing latency, allowing for better bandwidth usage and reducing the web server load. Web pages with web cache enabled can be cached in the client browser as well as in the server proxies and gateways that are part of the web traffic between the […]

Setting Session Timeout – Apache

Method #1: In the php.ini file. Add the following code in the php.ini file. Method #2: Using .htaccess. Add the following line in .htaccess. Method #3: In the httpd.conf file. Add the line in the httpd.conf file (the digit denotes the number of seconds). Reference: http://php.net/manual/en/ref.session.php