Security
12 posts tagged with this.
-
Mitigating the 2026 ASP.NET Core Deserialization Advisory
A deserialization flaw disclosed in March 2026 affects ASP.NET Core applications running on .NET 9 and earlier. Production sites must update to the current LTS release and tighten serialization settings to prevent remote code execution.
-
PowerShell Automation for IIS on Windows Server 2025
System administrators running Windows Server 2025 can use PowerShell to automate IIS site provisioning and Active Directory authentication setup. These scripts reduce configuration drift and enforce consistent security policies across hosted .NET applications.
-
Mitigating CVE-2023-38180 in ASP.NET Core Kestrel
ASP.NET Core sites face denial-of-service risk from CVE-2023-38180 when Kestrel processes crafted HTTP/2 requests. Apply patches and set Kestrel limits to keep production services responsive.
-
Automating IIS with PowerShell on Windows Server 2022
PowerShell scripts offer a consistent method for configuring IIS on Windows Server 2022. This reduces configuration drift and allows administrators to apply security and performance settings reliably across all web servers.
-
Mitigating CVE-2023-44487: HTTP/2 Rapid Reset in .NET Apps
CVE-2023-44487 exposes HTTP/2 servers to a high-amplification denial-of-service attack known as Rapid Reset. Learn exactly how it impacts ASP.NET Core applications on Kestrel and IIS, plus the updates, Kestrel configuration, and monitoring practices needed to keep your production sites online.
-
Automating IIS with PowerShell on Windows Server 2022
Automate IIS configuration on Windows Server 2022 with PowerShell for consistent, repeatable deployments. This guide details server preparation, isolated app pool creation with AD accounts, automated site provisioning with HTTPS, security hardening, and config locking. Scripts eliminate drift, reduc
-
Securing IIS with Active Directory and PowerShell
Integrate Active Directory with IIS for centralized Windows Authentication and role-based access on Windows Server. This guide details IIS Manager steps, web.config rules for AD groups, and PowerShell automation using the WebAdministration module to disable anonymous access, prioritize Kerberos, and
-
Why Am I Being Asked for Verification Documents?
ASPnix requests verification documents on high-risk orders to prevent credit card fraud, confirm identity, and protect customers. This article details common triggers like address mismatches or elevated fraud scores, the submission process, what documents are needed, and how prompt responses lead to
-
Is End-to-End Encryption Supported for Email?
All ASPnix email services support STARTTLS and TLS/SSL for SMTP, IMAP, and POP3. Windows SmarterMail systems also secure ActiveSync, EWS, and MAPI for Outlook. Delivery is encrypted whenever both endpoints support it. This guide covers protocols, configuration steps, testing with CheckTLS, common pi
-
How Is My Credit or Debit Card Information Stored and Is It Safe?
We store card details encrypted with 256-bit AES in a secure, isolated database for automated billing and renewals. CVV is never stored. Access is limited to two employees with a 32-character passphrase, passwords rotate every 180 days, and our systems exceed PCI DSS with ongoing monitoring and upda
-
Mitigating CVE-2023-44487: HTTP/2 Rapid Reset on .NET Servers
CVE-2023-44487 enables devastating DDoS attacks by exploiting HTTP/2 stream resets. Learn exactly which .NET and Windows components are vulnerable, the precise configuration changes required, and code examples that add rate limiting to your ASP.NET Core applications for robust protection.
-
Automating Secure IIS Configurations on Windows Server with PowerShell
Manual IIS tweaks lead to inconsistent security postures across your hosting fleet. This article walks through battle-tested PowerShell scripts that enforce app pool isolation, strict TLS policies, request filtering, security headers, and Active Directory authentication on Windows Server 2022.