From the course: ASP.NET MVC 5 Identity: Authentication and Authorization
Unlock the full course today
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Vulnerability: Inclusion of third-party ccripts
From the course: ASP.NET MVC 5 Identity: Authentication and Authorization
Vulnerability: Inclusion of third-party ccripts
- [Instructor] Using CDNs and including third-party resources and scripts, is often effective and sometimes necessary. With third-party scripts come a lot of risky cases, for example, you create a get request on your page which will trigger a third-party library to be loaded. But this library could be directed to a tampered IP, which can then return a hacked JavaScript file. To fix this issue, external JavaScript resources should always be acquired via the HTTPS protocol. The SSN certificate, it's private key and the initial handshake procedure is difficult to be simulated by a fake server. So basically, when the protocol was switched to HTTPS, the fake server can no longer deliver the hacked JavaScript file, because it cannot complete the handshake with the client and the request will be aborted.
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Contents
-
-
-
-
-
-
(Locked)
Vulnerability: Object binding vulnerability3m 34s
-
(Locked)
Vulnerability: Dangerous uploaded file type58s
-
(Locked)
Vulnerability: Excessive authentication attempts1m 30s
-
(Locked)
Vulnerability: XSS filter evasion48s
-
(Locked)
Vulnerability: Inclusion of third-party ccripts57s
-
(Locked)
Vulnerability: Cross-site request forgery (CSRF)1m 59s
-
(Locked)
Vulnerability: Open redirect1m 33s
-
(Locked)
-