472,344 Members | 1,323 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 472,344 software developers and data experts.

Testing the security of my site?

I'm wondering if there is an easy way to test the security of my ASP site. I use a lot of server-side sessions and though I know it can be highjacked, sniffed, and isn't exactly a good use of resources, i need it to maintain a lot of states. I don't store sensitive information on the servers or in sessions, but it still contains personal data. I read through different sites and posts, and they basically say sessions are pretty secure, unless they sniff and monitor the traffic.... so it's not really secure is it?

Also, I strip out symbols and use regular expressions to take out anything for e.g., login, search, etc. that isn't a number/letter or converted, so it's not prone to injection, but if they sniff out the sessions they can still do some damage I suppose.

The reason I'm wondering is when I abandon.session in, say, www.this.com/admin/logout.asp, my session in www.this.com is also gone. Is this normal? It seems they are connected when I open seperate tabs, but not separate windows. I think this is the advantage/"feature" of tabs, but will it be/is a security flaw as well? Where can I test this? Thanks!
Feb 6 '07 #1
0 970

Sign in to post your reply or Sign up for a free account.

Similar topics

by: Hugh Cowan | last post by:
Hello, I don't program full-time (anymore), but I do try and stay on-top of the latest technologies and like most are always trying to upgrade my...
by: Lee Mundie | last post by:
Hi, I'm nearing the end of my site development (currently ASP and Access moving to SQL) and am looking for site testing tools... In particular...
by: Marina | last post by:
Hi, I am trying to find the minimum security settings to allow a windows control embedded in IE have full trust. If I give the entire Intranet...
by: Tom | last post by:
Hi, I am currently on a project where one site needs to send the user credentials to another site, through web services. Scenario: * "User...
by: Nathan Sokalski | last post by:
As we all know, IE7 is now available. However, it also cannot be installed side by side with IE6. This makes it very hard to test pages on both...
by: Earl Anderson | last post by:
First, I feel somewhat embarrassed and apologetic that this post is lengthy, but in an effort to furnish sufficient information (as opposed to too...
by: flashadow | last post by:
Who can explain. Can JsUnit test dynamic pages? A site uses Apache Tomcat for the start. A site consists of starting page in which is loaded 4 jsp...
by: Fresno Bob | last post by:
I am looking at continous integration for automatic builds, unit testing etc. Is there anything to automate security testing for SQL injection, XSS?...
by: concettolabs | last post by:
In today's business world, businesses are increasingly turning to PowerApps to develop custom business applications. PowerApps is a powerful tool...
by: Kemmylinns12 | last post by:
Blockchain technology has emerged as a transformative force in the business world, offering unprecedented opportunities for innovation and...
by: Naresh1 | last post by:
What is WebLogic Admin Training? WebLogic Admin Training is a specialized program designed to equip individuals with the skills and knowledge...
by: antdb | last post by:
Ⅰ. Advantage of AntDB: hyper-convergence + streaming processing engine In the overall architecture, a new "hyper-convergence" concept was...
by: Matthew3360 | last post by:
Hi there. I have been struggling to find out how to use a variable as my location in my header redirect function. Here is my code. ...
by: Matthew3360 | last post by:
Hi, I have a python app that i want to be able to get variables from a php page on my webserver. My python app is on my computer. How would I make it...
by: Arjunsri | last post by:
I have a Redshift database that I need to use as an import data source. I have configured the DSN connection using the server, port, database, and...
by: WisdomUfot | last post by:
It's an interesting question you've got about how Gmail hides the HTTP referrer when a link in an email is clicked. While I don't have the specific...
by: Matthew3360 | last post by:
Hi, I have been trying to connect to a local host using php curl. But I am finding it hard to do this. I am doing the curl get request from my web...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.