Do not disclose private IP addresses and routing information to unauthorized parties

Security scanners probe web applications for known vulnerabilities and misconfigurations. This lets system administrators and software developers find issues in advance and fix them before an application goes live.

One of the findings such scanners report (and attackers look for) is the one covered by PCI DSS 3.2 requirement 1.3.7:

Do not disclose private IP addresses and routing information to unauthorized parties
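The classic instance of this finding on IIS is a redirect whose Location header carries the server's internal address instead of the public host name, or an error page that echoes a back-end host. The following is an added example, not code from the original post, that scans a raw HTTP response for RFC 1918, loopback and link-local addresses in both headers and body. The sample response is constructed for illustration; feed real captures (a curl -i dump, a proxy log) to scan_response().

```python
"""Flag private IPv4 addresses leaked in an HTTP response (headers and body).

Added example, not part of the original post. The sample response below is
constructed for illustration; feed real captures to scan_response().
"""
import ipaddress
import re

# Ranges the PCI DSS requirement is concerned with: RFC 1918, plus loopback
# and link-local, which are equally meaningless to a legitimate client.
PRIVATE_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
              "127.0.0.0/8", "169.254.0.0/16")
]

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def is_private_ipv4(text):
    """Return the address object if `text` is a private IPv4 address, else None."""
    try:
        ip = ipaddress.IPv4Address(text)
    except ipaddress.AddressValueError:
        return None  # e.g. 999.1.1.1 matched the regex but is not an address
    return ip if any(ip in net for net in PRIVATE_NETS) else None


def find_private_ips(text):
    """All private IPv4 addresses in a string, in order of appearance, deduplicated."""
    found = []
    for m in IPV4_RE.finditer(text):
        candidate = m.group(0)
        if is_private_ipv4(candidate) and candidate not in found:
            found.append(candidate)
    return found


def scan_response(raw):
    """Split a raw HTTP response into headers and body and report leaks.

    Returns a list of (location, ip) tuples, where location is the header name
    (e.g. 'Location') or 'body'.
    """
    head, _, body = raw.partition("\r\n\r\n")
    findings = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if not sep:
            continue
        for ip in find_private_ips(value):
            findings.append((name.strip(), ip))
    for ip in find_private_ips(body):
        findings.append(("body", ip))
    return findings


# Constructed sample: a redirect that reveals the server's internal address in
# Location, and an error page that echoes a back-end host in the body. The
# public address 8.8.8.8 is there to show that only private ranges are flagged.
SAMPLE_RESPONSE = (
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Server: Microsoft-IIS/10.0\r\n"
    "Location: http://10.20.30.40/app/\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><body>Backend 192.168.1.25 unavailable; "
    "public mirror 8.8.8.8 also failed</body></html>"
)

if __name__ == "__main__":
    for where, ip in scan_response(SAMPLE_RESPONSE):
        print(f"{where}: {ip}")
```

The regex deliberately over-matches and the ipaddress module does the validation, so malformed octets are discarded rather than reported. Version strings such as 1.2.3.4 can still slip through; that is acceptable for a scanner whose findings are reviewed by a person.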

How to create code for a web service client from a WSDL URL

Wouldn’t it be nice to have a tool that creates web service client code automatically? Web services already publish WSDL files describing the operations they offer. All that is needed is a tool that reads those files and produces the code required to consume them.

The tool we have been looking for is the WSDL to Proxy Class Tool. It generates proxy code, to be used as a web service client, from the WSDL file you provide.

How to set up IIS FTP for both internal and external users?

You can create FTP sites under IIS so that your users can perform file operations with FTP clients. One IIS FTP site is normally sufficient for most companies; however, some extra configuration may be needed to allow both external and internal users to reach it.

If you are fine with creating two FTP sites, you can create one for internal users and one for external users. The only difference is that the external site has the “External IP Address of Firewall” field (in FTP Firewall Support) set to the public address, so that passive-mode clients outside the firewall are told the public address rather than the server’s private one.

OutOfMemoryException caused by StringBuilder

If your web application is crashing with OutOfMemoryException, check Event Viewer for more details. The stack trace shows which function throws the exception. In my case, a variable of type StringBuilder was the root cause.

Which time zone are IIS logs recorded in?

IIS logs are helpful in troubleshooting various web application issues. However, they can mislead server administrators because the timestamps are in a time zone different from the one the server uses: by default, IIS writes W3C extended format logs in UTC, and the option to use local time affects only log file naming and rollover, not the entries themselves.
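The practical consequence is that an entry near midnight UTC belongs to a different calendar day from the one an administrator in, say, UTC+3 would expect, so correlating IIS logs with application or Windows event logs requires converting every timestamp. The following is an added example, not code from the original post: it parses W3C extended log lines using the #Fields directive and converts the UTC timestamps to a chosen zone. The log lines are constructed, and the UTC+3 server zone is an assumption chosen to show the date rollover.

```python
"""Parse IIS W3C extended log lines and convert their UTC timestamps to a local zone.

Added example, not code from the original post. The log lines are constructed;
the server zone (UTC+3) is an assumption chosen to show a date rollover.
"""
from datetime import datetime, timedelta, timezone

SAMPLE_LOG = """#Software: Microsoft Internet Information Services 10.0
#Version: 1.0
#Date: 2023-05-01 00:00:03
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2023-05-01 22:15:07 10.0.0.5 GET /login.aspx - 443 - 203.0.113.7 Mozilla/5.0 - 200 0 0 31
2023-05-01 23:59:59 10.0.0.5 POST /login.aspx - 443 - 203.0.113.7 Mozilla/5.0 - 401 2 5 16
"""

# Assumed server zone; a fixed offset keeps the example offline. In practice
# use zoneinfo.ZoneInfo("Europe/Istanbul") or similar so DST is handled.
ASSUMED_SERVER_TZ = timezone(timedelta(hours=3), name="UTC+03:00")


def parse_w3c_log(text):
    """Return one dict per entry, keyed by the names in the #Fields directive.

    Directive lines start with '#'. Fields are space separated; the W3C format
    encodes literal spaces inside values as '+', so no quoting is needed.
    """
    fields = None
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        if fields is None:
            raise ValueError("log entry before any #Fields directive")
        values = line.split()
        if len(values) != len(fields):
            raise ValueError(f"expected {len(fields)} fields, got {len(values)}: {line}")
        entries.append(dict(zip(fields, values)))
    return entries


def entry_utc(entry):
    """The entry's timestamp as an aware UTC datetime (W3C entries are UTC)."""
    naive = datetime.strptime(f"{entry['date']} {entry['time']}", "%Y-%m-%d %H:%M:%S")
    return naive.replace(tzinfo=timezone.utc)


def entry_local(entry, tz):
    """The entry's timestamp converted to the zone the administrator thinks in."""
    return entry_utc(entry).astimezone(tz)


def local_view(text, tz):
    """(local ISO timestamp, method, uri, status) per entry, for reading beside app logs."""
    return [
        (entry_local(e, tz).isoformat(), e["cs-method"], e["cs-uri-stem"], e["sc-status"])
        for e in parse_w3c_log(text)
    ]


if __name__ == "__main__":
    for row in local_view(SAMPLE_LOG, ASSUMED_SERVER_TZ):
        print(*row)
```

Both sample entries are dated 2023-05-01 in the log, but in the assumed UTC+3 zone they fall on 2023-05-02, which is exactly the kind of discrepancy that sends an administrator to the wrong day's log file.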

AD connection and query by using PrincipalContext

There are different ways of getting data from Active Directory. One of them is to use the PrincipalContext class, which lives in the System.DirectoryServices.AccountManagement namespace (Reference).

Here is a code sample to connect to Active Directory and query a user by using PrincipalContext.

Kerberos ticket lifetime and renewal time

I have recently worked on a case where questions about increasing the Kerberos ticket lifetime came up. Long story short: There are security concerns about increasing the lifetime of Kerberos tickets. Details are below.