Mask Your Web Server for Enhanced Security: ASP Alliance

Print Add To Favorites Email To Friend Rate This Article
Mask Your Web Server for Enhanced Security

page 5 of 14

by Joe Lima
Feedback

Average Rating: This article has not yet been rated.
Views (Total / Last 10 Days): 54540/ 79

Article Contents:

Introduction
Crackers Start Here. Shouldn’t You?
The Server Header Tells All
Unsightly File Extensions
Half-Baked Cookies
Send These to the Recycle Bin
Get Your Headers Straight
Whose Default is That?
We Don’t Need No Extra Services
Unsanitary Inputs
Combing Through the Stacks
Netcraft is Watching
Let's Be Careful Out There
Credits

Half-Baked Cookies

The ASP session ID cookie, used by the Session object to maintain client state, is another dead giveaway:

Set-Cookie: ASPSESSIONIDQGQGGWFC=MGMLNKMDENPEOPIJHPOPEPPB;

You can disable ASP Session State so that this cookie is not placed, but you lose the convenience of using the Session object to maintain client state. You could also create an ISAPI filter to change the names of any session ID cookie. On the other hand, ASP sessions are resource intensive, and turning them off improves the performance and scalability of your ASP application, while also helping to anonymize your server.

« (Page 4)

View Entire Article

(Page 6) »

User Comments

No comments posted yet.

Product Spotlight