Security
24 posts tagged with this.
-
Mitigating Recent ASP.NET Core Request Smuggling Risks
A flaw in Kestrel's HTTP/2 frame handling enables request smuggling on misconfigured production sites. Update to current .NET releases and enforce strict header validation to close the exposure.
-
PowerShell for IIS Configuration on Windows Server
PowerShell provides reliable, repeatable control over IIS settings on Windows Server. Administrators can enforce security baselines, audit pools, and manage sites without manual UI steps that introduce drift.
-
Mitigating Recent ASP.NET Core Request Handling Risks
A recent Microsoft advisory addresses flaws in how ASP.NET Core processes certain HTTP requests under load-balanced or reverse-proxy setups. Production sites must apply configuration changes and runtime updates to prevent potential smuggling or injection vectors.
-
Mitigating Recent .NET Deserialization Risks in Production
A recent advisory warns of unsafe object deserialization paths in ASP.NET Core workloads. Production sites on Windows Server and IIS must apply targeted configuration and code changes to reduce exposure.
-
PowerShell IIS Hardening on Windows Server 2025
Windows Server 2025 ships with updated IIS defaults that reduce attack surface for .NET sites. This guide shows the exact PowerShell commands administrators use to apply and verify those settings in production.
-
Addressing the Recent Kestrel Header Parsing Advisory
A Microsoft advisory details a denial-of-service risk in Kestrel's HTTP/2 header handling affecting ASP.NET Core production sites. Learn the scope of impact and the concrete configuration and patching steps required to close the exposure.
-
PowerShell IIS Management with Active Directory on Windows Server 2025
PowerShell cmdlets now provide tighter integration with Active Directory for IIS site and application pool management on Windows Server 2025. Administrators can enforce consistent authentication and permission models without relying on the IIS Manager GUI.
-
Mitigating Recent Kestrel Request Handling Issues
A recent Microsoft advisory highlights risks in Kestrel's HTTP request processing for ASP.NET Core applications. Production sites must apply configuration changes and update to current .NET releases to prevent potential request smuggling and denial of service.
-
PowerShell Hardening for IIS on Windows Server 2025
Windows Server 2025 ships with updated IIS defaults that still require targeted configuration for production .NET workloads. This post shows the exact PowerShell commands system administrators use to lock down sites, enforce TLS, and integrate with Active Directory.
-
Mitigating Recent ASP.NET Core Auth Header Risks
A recent advisory details flaws in how ASP.NET Core applications process authentication headers under specific load conditions. Production sites must apply updates and tighten configuration to prevent bypasses.
-
Mitigating Recent .NET Request Smuggling Risks
A recent advisory highlights HTTP/2 request smuggling flaws affecting ASP.NET Core applications on IIS. Production sites must apply updates and adjust server configuration to prevent request manipulation and unauthorized access.
-
Mitigating Recent ASP.NET Core Header Parsing Risks
A recent Microsoft security advisory highlights risks in ASP.NET Core header handling that can lead to authentication bypass on production sites. Learn who is affected and the exact configuration changes required to close the exposure.
-
Mitigating the 2026 ASP.NET Core Deserialization Advisory
A deserialization flaw disclosed in March 2026 affects ASP.NET Core applications running on .NET 9 and earlier. Production sites must update to the current LTS release and tighten serialization settings to prevent remote code execution.
-
PowerShell Automation for IIS on Windows Server 2025
System administrators running Windows Server 2025 can use PowerShell to automate IIS site provisioning and Active Directory authentication setup. These scripts reduce configuration drift and enforce consistent security policies across hosted .NET applications.
-
Mitigating CVE-2023-38180 in ASP.NET Core Kestrel
ASP.NET Core sites face denial-of-service risk from CVE-2023-38180 when Kestrel processes crafted HTTP/2 requests. Apply patches and set Kestrel limits to keep production services responsive.