René's URL Explorer Experiment


Title: GitHub - security-code-scan/security-code-scan.github.io: The webpage is periodically updated from https://github.com/security-code-scan/security-code-scan/tree/vs2019/website

Description: The webpage is periodically updated from https://github.com/security-code-scan/security-code-scan/tree/vs2019/website - security-code-scan/security-code-scan.github.io

Opengraph URL: https://github.com/security-code-scan/security-code-scan.github.io

Domain: patch-diff.githubusercontent.com

Links:

security-code-scan.github.iohttps://security-code-scan.github.io
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#quick-facts
Open Sourcehttps://github.com/security-code-scan/security-code-scan
security vulnerability patternshttps://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#rules
GitHubhttps://github.com/marketplace/actions/securitycodescan
GitLabhttps://docs.gitlab.com/ee/user/application_security/sast/analyzers.html
Stand-alone runnerhttps://www.nuget.org/packages/security-scan/
MSBuildhttps://msdn.microsoft.com/en-us/library/dd393574.aspx
.NET Corehttps://en.wikipedia.org/wiki/.NET_Framework#.NET_Core
Communityhttps://www.visualstudio.com/en-us/products/visual-studio-community-vs.aspx
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#installation
GitHubhttps://github.com/marketplace/actions/securitycodescan
GitLabhttps://docs.gitlab.com/ee/user/application_security/sast/analyzers.html
Stand-alone runnerhttps://www.nuget.org/packages/security-scan/
can be installed ashttps://docs.microsoft.com/en-us/visualstudio/code-quality/install-roslyn-analyzers
Visual Studio extensionhttps://marketplace.visualstudio.com/items?itemName=JaroslavLobacevski.SecurityCodeScanVS2019
NuGet packagehttps://www.nuget.org/packages/SecurityCodeScan.VS2019/
Stand-alone runnerhttps://www.nuget.org/packages/security-scan/
GitHub Releaseshttps://github.com/security-code-scan/security-code-scan/releases
mismatch between the used compiler toolset/SDK and the version of Roslyn analyzer library used by SCShttps://github.com/dotnet/roslyn/issues/2683
MSBuildhttps://msdn.microsoft.com/en-us/library/dd393574.aspx
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io/blob/master/images/security-scan-tool.png
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#integration-with-continuous-integration-ci-builds-and-third-party-tools
GitHubhttps://github.com/marketplace/actions/securitycodescan
GitLabhttps://docs.gitlab.com/ee/user/application_security/sast/analyzers.html
Stand-alone runnerhttps://www.nuget.org/packages/security-scan/
MSBuildhttps://msdn.microsoft.com/en-us/library/dd393574.aspx
scripthttps://github.com/SPoint42/SecurityTools/tree/main/SCDotNet2DefectDojo
DefectDojohttps://github.com/DefectDojo/django-DefectDojo
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#configuration
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#background-analysis-scope
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io/blob/master/images/fullsolution.png
additional informationhttps://docs.microsoft.com/en-us/visualstudio/code-quality/how-to-enable-and-disable-full-solution-analysis-for-managed-code
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#testing-on-webgoatnet
WebGoat.NEThttps://github.com/OWASP/WebGoat.NET/zipball/master
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io/blob/master/images/intellisense.png
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io/blob/master/images/output.png
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#analyzing-aspx-and-webconfig-files
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#external-configuration-files
built-in configurationhttps://github.com/security-code-scan/security-code-scan/blob/vs2019/SecurityCodeScan/Config/Main.yml
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io/blob/master/images/additionalfiles.png
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#custom-taint-source-sinks-sanitizers-and-validators
configuration filehttps://github.com/security-code-scan/security-code-scan/blob/vs2019/SecurityCodeScan/Config/Main.yml
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#audit-mode
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#suppressing-and-fixing-the-warnings
standard functionality for Visual Studiohttps://docs.microsoft.com/en-us/visualstudio/code-quality/in-source-suppression-overview
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io/blob/master/images/suppresscontextmenu.png
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io/blob/master/images/suppresserrorlist.png
it's own documentationhttps://docs.microsoft.com/en-us/visualstudio/code-quality/use-roslyn-analyzers
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#severity
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io/blob/master/images/severity.png
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#troubleshooting
affect results from other analyzershttps://github.com/dotnet/roslyn/issues/23879
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#rules
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#injection
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#references
OWASP: Top 10 2013-A1-Injectionhttps://www.owasp.org/index.php/Top_10_2013-A1-Injection
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#scs0001---command-injection
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#risk
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#vulnerable-code
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#solution
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#references-1
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')https://cwe.mitre.org/data/definitions/78.html
OWASP: Command Injectionhttps://www.owasp.org/index.php/Command_Injection
OWASP: Top 10 2013-A1-Injectionhttps://www.owasp.org/index.php/Top_10_2013-A1-Injection
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#scs0002---sql-injection
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#risk-1
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#vulnerable-code-1
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#solution-1
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#references-2
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')https://cwe.mitre.org/data/definitions/89.html
WASC-19: SQL Injectionhttp://projects.webappsec.org/w/page/13246963/SQL%20Injection
OWASP: SQL Injection Prevention Cheat Sheethttps://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
OWASP: Query Parameterization Cheat Sheethttps://www.owasp.org/index.php/Query_Parameterization_Cheat_Sheet
CAPEC-66: SQL Injectionhttp://capec.mitre.org/data/definitions/66.html
Bobby Tables: A guide to preventing SQL injectionhttp://bobby-tables.com/csharp
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#scs0003---xpath-injection
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#risk-2
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#vulnerable-code-2
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#solution-2
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#references-3
CWE-643: Improper Neutralization of Data within XPath Expressions ('XPath Injection')https://cwe.mitre.org/data/definitions/643.html
WASC-39: XPath Injectionhttp://projects.webappsec.org/w/page/13247005/XPath%20Injection
OWASP: XPATH Injectionhttps://www.owasp.org/index.php/XPATH_Injection
Black Hat Europe 2012: Hacking XPath 2.0http://media.blackhat.com/bh-eu-12/Siddharth/bh-eu-12-Siddharth-Xpath-WP.pdf
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#scs0007---xml-external-entity-injection-xxe
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#risk-3
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#vulnerable-code-3
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#solution-3
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#references-4
CWE-611: Improper Restriction of XML External Entity Reference ('XXE')https://cwe.mitre.org/data/definitions/611.html
OWASP.org: XML External Entity (XXE) Prevention Cheat Sheet (.NET)https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet#.NET
CERT: IDS10-J. Prevent XML external entity attackshttps://www.securecoding.cert.org/confluence/pages/viewpage.action?pageId=61702260
OWASP.org: XML External Entity (XXE) Processinghttps://www.owasp.org/index.php/XML_External_Entity_%28XXE%29_Processing
WS-Attacks.org: XML Entity Expansionhttp://www.ws-attacks.org/index.php/XML_Entity_Expansion
WS-Attacks.org: XML External Entity DOShttp://www.ws-attacks.org/index.php/XML_External_Entity_DOS
WS-Attacks.org: XML Entity Reference Attackhttp://www.ws-attacks.org/index.php/XML_Entity_Reference_Attack
Identifying Xml eXternal Entity vulnerability (XXE)http://blog.h3xstream.com/2014/06/identifying-xml-external-entity.html
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#scs0018---path-traversal
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#risk-4
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#vulnerable-code-4
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#solution-4
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#references-5
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')https://cwe.mitre.org/data/definitions/22.html
OWASP: Path Traversalhttps://www.owasp.org/index.php/Path_Traversal
OS Command Injection, Path Traversal & Local File Inclusion Vulnerability - Noteshttps://riseandhack.blogspot.com/2015/02/os-command-injection-path-traversal.html
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#scs0029---cross-site-scripting-xss
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#risk-5
HTTP-onlyhttps://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#SCS0009
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#vulnerable-code-5
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#solution-5
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#references-6
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')https://cwe.mitre.org/data/definitions/79.html
WASC-8: Cross Site Scriptinghttp://projects.webappsec.org/w/page/13246920/Cross%20Site%20Scripting
OWASP: XSS Prevention Cheat Sheethttps://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet
OWASP: Top 10 2013-A3: Cross-Site Scripting (XSS)https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_%28XSS%29
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#scs0026---ldap-distinguished-name-injection
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#risk-6
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#vulnerable-code-6
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#solution-6
AntiXSS libraryhttps://www.nuget.org/packages/AntiXSS/
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#references-7
CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')https://cwe.mitre.org/data/definitions/90.html
WASC-29: LDAP Injectionhttp://projects.webappsec.org/w/page/13246947/LDAP%20Injection
OWASP: LDAP Injectionhttps://www.owasp.org/index.php/LDAP_injection
OWASP: LDAP Injection Prevention Cheat Sheethttps://www.owasp.org/index.php/LDAP_Injection_Prevention_Cheat_Sheet
MSDN Blog - Security Tools: LDAP Injection and mitigationhttps://blogs.msdn.microsoft.com/securitytools/2009/08/10/ldap-injection-and-mitigation/
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#scs0031---ldap-filter-injection
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#risk-7
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#vulnerable-code-7
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#solution-7
AntiXSS libraryhttps://www.nuget.org/packages/AntiXSS/
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#references-8
CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')https://cwe.mitre.org/data/definitions/90.html
WASC-29: LDAP Injectionhttp://projects.webappsec.org/w/page/13246947/LDAP%20Injection
OWASP: LDAP Injectionhttps://www.owasp.org/index.php/LDAP_injection
OWASP: LDAP Injection Prevention Cheat Sheethttps://www.owasp.org/index.php/LDAP_Injection_Prevention_Cheat_Sheet
MSDN Blog - Security Tools: LDAP Injection and mitigationhttps://blogs.msdn.microsoft.com/securitytools/2009/08/10/ldap-injection-and-mitigation/
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#cryptography
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#scs0004---certificate-validation-disabled
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#risk-8
certificate authorityhttp://en.wikipedia.org/wiki/Certificate_authority
Man-in-the-middle attackshttp://en.wikipedia.org/wiki/Man-in-the-middle_attack
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#vulnerable-code-8
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#solution-8
certificate pinninghttps://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#references-9
CWE-295: Improper Certificate Validationhttps://cwe.mitre.org/data/definitions/295.html
WASC-04: Insufficient Transport Layer Protectionhttp://projects.webappsec.org/w/page/13246945/Insufficient%20Transport%20Layer%20Protection
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#scs0005---weak-random-number-generator
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#risk-9
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#vulnerable-code-9
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#solution-9
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#references-10
CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)https://cwe.mitre.org/data/definitions/338.html
OWASP: Insecure Randomnesshttps://www.owasp.org/index.php/Insecure_Randomness
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#scs0006---weak-hashing-function
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#vulnerable-code-10
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#solution-10
adaptive algorithmshttps://crackstation.net/hashing-security.htm
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#references-11
CWE-327: Use of a Broken or Risky Cryptographic Algorithmhttps://cwe.mitre.org/data/definitions/327.html
MSDN: SHA256 Class documentationhttps://msdn.microsoft.com/en-us/library/system.security.cryptography.sha256(v=vs.110).aspx
Salted Password Hashing - Doing it Righthttps://crackstation.net/hashing-security.htm
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#scs0010---weak-cipher-algorithm
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#risk-10
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#vulnerable-code-11
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#solution-11
Solution in Weak Cipher Modehttps://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#SCS0013
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#references-12
CWE-327: Use of a Broken or Risky Cryptographic Algorithmhttps://cwe.mitre.org/data/definitions/327.html
NIST Withdraws Outdated Data Encryption Standardhttp://www.nist.gov/itl/fips/060205_des.cfm
StackOverflow: Authenticated encryption examplehttp://stackoverflow.com/questions/202011/encrypt-and-decrypt-a-string/10366194#10366194
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#scs0013---potential-usage-of-weak-ciphermode-mode
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#risk-11
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#vulnerable-code-12
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#solution-12
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#references-13
CWE-327: Use of a Broken or Risky Cryptographic Algorithmhttps://cwe.mitre.org/data/definitions/327.html
Padding Oracles for the masses (by Matias Soler)http://www.infobytesec.com/down/paddingoracle_openjam.pdf
Wikipedia: Authenticated encryptionhttp://en.wikipedia.org/wiki/Authenticated_encryption
NIST: Authenticated Encryption Modeshttp://csrc.nist.gov/groups/ST/toolkit/BCM/modes_development.html#01
CAPEC: Padding Oracle Crypto Attackhttp://capec.mitre.org/data/definitions/463.html
Wikipedia: ECB modehttps://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Electronic_Codebook_(ECB)
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#cookies
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#scs0008---cookie-without-ssl-flag
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#risk-12
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#vulnerable-code-13
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#solution-13
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#references-14
CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attributehttps://cwe.mitre.org/data/definitions/614.html
OWASP: Secure Flaghttps://www.owasp.org/index.php/SecureFlag
Rapid7: Missing Secure Flag From SSL Cookiehttps://www.rapid7.com/db/vulnerabilities/http-cookie-secure-flag
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#scs0009---cookie-without-httponly-flag
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#risk-13
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#vulnerable-code-14
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#solution-14
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#references-15
CWE-1004: Sensitive Cookie Without 'HttpOnly' Flaghttps://cwe.mitre.org/data/definitions/1004.html
Coding Horror blog: Protecting Your Cookies: HttpOnlyhttp://blog.codinghorror.com/protecting-your-cookies-httponly/
OWASP: HttpOnlyhttps://www.owasp.org/index.php/HttpOnly
Rapid7: Missing HttpOnly Flag From Cookiehttps://www.rapid7.com/db/vulnerabilities/http-cookie-http-only-flag
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#view-state
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#scs0023---view-state-not-encrypted
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#risk-14
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#vulnerable-code-15
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#solution-15
machine keyhttps://msdn.microsoft.com/en-us/library/w8h3skw9(v=vs.100).aspx
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#references-16
CWE-554: ASP.NET Misconfiguration: Not Using Input Validation Frameworkhttps://cwe.mitre.org/data/definitions/554.html
MSDN: pages Element (ASP.NET Settings Schema)https://msdn.microsoft.com/en-us/library/950xf363(v=vs.100).aspx
MSDN: ViewStateEncryptionMode Propertyhttps://msdn.microsoft.com/en-us/library/system.web.configuration.pagessection.viewstateencryptionmode(v=vs.100).aspx
MSDN: machineKey Element (ASP.NET Settings Schema)https://msdn.microsoft.com/en-us/library/w8h3skw9(v=vs.100).aspx
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#scs0024---view-state-mac-disabled
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#risk-15
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#vulnerable-code-16
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#solution-16
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#references-17
CWE-554: ASP.NET Misconfiguration: Not Using Input Validation Frameworkhttps://cwe.mitre.org/data/definitions/554.html
MSDN: pages Element (ASP.NET Settings Schema)https://msdn.microsoft.com/en-us/library/950xf363(v=vs.100).aspx
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#request-validation
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#scs0017---request-validation-disabled-attribute
XSShttps://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#SCS0029
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#risk-16
XSShttps://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#SCS0029
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#vulnerable-code-17
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#solution-17
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#references-18
CWE-554: ASP.NET Misconfiguration: Not Using Input Validation Frameworkhttps://cwe.mitre.org/data/definitions/554.html
MSDN: Request Validation in ASP.NEThttps://msdn.microsoft.com/en-us/library/hh882339(v=vs.110).aspx
OWASP: ASP.NET Request Validationhttps://www.owasp.org/index.php/ASP.NET_Request_Validation
XSShttps://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#SCS0029
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#scs0021---request-validation-disabled-configuration-file
XSShttps://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#SCS0029
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#risk-17
XSShttps://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#SCS0029
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#vulnerable-code-18
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#solution-18
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#references-19
CWE-554: ASP.NET Misconfiguration: Not Using Input Validation Frameworkhttps://cwe.mitre.org/data/definitions/554.html
MSDN: pages Element (ASP.NET Settings Schema)https://msdn.microsoft.com/en-us/library/950xf363(v=vs.100).aspx
MSDN: Request Validation in ASP.NEThttps://msdn.microsoft.com/en-us/library/hh882339(v=vs.110).aspx
OWASP: ASP.NET Request Validationhttps://www.owasp.org/index.php/ASP.NET_Request_Validation
XSShttps://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#SCS0029
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#scs0030---request-validation-is-enabled-only-for-pages-configuration-file
XSShttps://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#SCS0029
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#risk-18
XSShttps://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#SCS0029
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#vulnerable-code-19
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#solution-19
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#references-20
CWE-554: ASP.NET Misconfiguration: Not Using Input Validation Frameworkhttps://cwe.mitre.org/data/definitions/554.html
MSDN: pages Element (ASP.NET Settings Schema)https://msdn.microsoft.com/en-us/library/950xf363(v=vs.100).aspx
MSDN: Request Validation in ASP.NEThttps://msdn.microsoft.com/en-us/library/hh882339(v=vs.110).aspx
OWASP: ASP.NET Request Validationhttps://www.owasp.org/index.php/ASP.NET_Request_Validation
MSDN: RequestValidationMode Propertyhttps://msdn.microsoft.com/en-us/library/system.web.configuration.httpruntimesection.requestvalidationmode(v=vs.110).aspx
XSShttps://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#SCS0029
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#password-management
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#scs0015---hardcoded-password
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#risk-19
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#vulnerable-code-20
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#solution-20
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#references-21
CWE-259: Use of Hard-coded Passwordhttps://cwe.mitre.org/data/definitions/259.html
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#scs0034---password-requiredlength-not-set
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#risk-20
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#vulnerable-code-21
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#solution-21
Password Complexityhttps://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#SCS0033
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#references-22
CWE-521: Weak Password Requirementshttps://cwe.mitre.org/data/definitions/521.html
MSDN: ASP.NET Identity PasswordValidator Classhttps://msdn.microsoft.com/en-us/library/microsoft.aspnet.identity.passwordvalidator.aspx
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#scs0032---password-requiredlength-too-small
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#risk-21
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#vulnerable-code-22
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#solution-22
Password Complexityhttps://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#SCS0033
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#references-23
CWE-521: Weak Password Requirementshttps://cwe.mitre.org/data/definitions/521.html
MSDN: ASP.NET Identity PasswordValidator Classhttps://msdn.microsoft.com/en-us/library/microsoft.aspnet.identity.passwordvalidator.aspx
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#scs0033---password-complexity
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#risk-22
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#vulnerable-code-23
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#solution-23
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#references-24
CWE-521: Weak Password Requirementshttps://cwe.mitre.org/data/definitions/521.html
MSDN: ASP.NET Identity PasswordValidator Classhttps://msdn.microsoft.com/en-us/library/microsoft.aspnet.identity.passwordvalidator.aspx
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#other
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#scs0011---unsafe-xslt-setting-used
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#risk-23
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#vulnerable-code-24
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#references-25
CWE-611: Improper Restriction of XML External Entity Referencehttps://cwe.mitre.org/data/definitions/611.html
XSLT Server Side Injection Attackshttps://www.contextis.com/us/blog/xslt-server-side-injection-attacks
XML Attack for C# Remote Code Executionhttps://zerosum0x0.blogspot.com/2016/05/xml-attack-for-c-remote-code-execution.html
XsltSettings.EnableScript Propertyhttps://docs.microsoft.com/en-us/dotnet/api/system.xml.xsl.xsltsettings.enablescript?view=net-5.0
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#scs0012---controller-method-is-potentially-vulnerable-to-authorization-bypass
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#risk-24
customizehttps://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#external-configuration-files
rulehttps://github.com/security-code-scan/security-code-scan/blob/6541aa9c52e856b2ce9da7d5916d8358760373da/SecurityCodeScan/Config/Main.yml#L2500
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#vulnerable-code-25
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#solution-24
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#references-26
CWE-284: Improper Access Controlhttps://cwe.mitre.org/data/definitions/284.html
Access control vulnerabilities and privilege escalationhttps://portswigger.net/web-security/access-control
Simple authorization in ASP.NET Corehttps://docs.microsoft.com/en-us/aspnet/core/security/authorization/simple?view=aspnetcore-3.1
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#scs0016---cross-site-request-forgery-csrf
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#risk-25
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#vulnerable-code-26
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#solution-25
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#references-27
CWE-352: Cross-Site Request Forgery (CSRF)https://cwe.mitre.org/data/definitions/352.html
OWASP: Cross-Site Request Forgeryhttps://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
OWASP: CSRF Prevention Cheat Sheethttps://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#scs0019---outputcache-conflict
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#risk-26
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#vulnerable-code-27
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#solution-26
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#references-28
CWE-524: Use of Cache Containing Sensitive Informationhttps://cwe.mitre.org/data/definitions/524.html
Improving Performance with Output Cachinghttps://docs.microsoft.com/en-us/aspnet/mvc/overview/older-versions-1/controllers-and-routing/improving-performance-with-output-caching-cs
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#scs0022---event-validation-disabled
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#risk-27
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#vulnerable-code-28
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#solution-27
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#references-29
CWE-554: ASP.NET Misconfiguration: Not Using Input Validation Frameworkhttps://cwe.mitre.org/data/definitions/554.html
MSDN: pages Element (ASP.NET Settings Schema)https://msdn.microsoft.com/en-us/library/950xf363(v=vs.100).aspx
MSDN: Page.EnableEventValidation Propertyhttp://msdn.microsoft.com/en-us/library/system.web.ui.page.enableeventvalidation.aspx
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#scs0027---open-redirect
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#risk-28
phishinghttps://en.wikipedia.org/wiki/Phishing
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#vulnerable-code-29
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#solution-28
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#references-30
CWE-601: URL Redirection to Untrusted Site ('Open Redirect')https://cwe.mitre.org/data/definitions/601.html
Microsoft: Preventing Open Redirection Attacks (C#)https://docs.microsoft.com/en-us/aspnet/mvc/overview/security/preventing-open-redirection-attacks
OWASP: Unvalidated Redirects and Forwards Cheat Sheethttps://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet
Hacksplaining: preventing malicious redirectshttps://www.hacksplaining.com/prevention/open-redirects
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#scs0028---insecure-deserialization
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#risk-29
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#vulnerable-code-30
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#solution-29
Data Transfer Objects (DTO)https://en.wikipedia.org/wiki/Data_transfer_object
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#references-31
CWE-502: Deserialization of Untrusted Datahttps://cwe.mitre.org/data/definitions/502.html
BlackHat USA 2017: Friday the 13th: JSON Attackshttps://www.blackhat.com/docs/us-17/thursday/us-17-Munoz-Friday-The-13th-Json-Attacks.pdf
BlueHat v17: Dangerous Contents - Securing .Net Deserializationhttps://www.slideshare.net/MSbluehat/dangerous-contents-securing-net-deserialization
BlackHat USA 2012: Are you my type?https://media.blackhat.com/bh-us-12/Briefings/Forshaw/BH_US_12_Forshaw_Are_You_My_Type_Slides.pdf
OWASP: Deserialization of untrusted datahttps://www.owasp.org/index.php/Deserialization_of_untrusted_data
Deserialization payload generator for a variety of .NET formattershttps://github.com/pwntester/ysoserial.net
.NET Deserialization Passive Scannerhttps://github.com/pwntester/dotnet-deserialization-scanner
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#release-notes
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#567
@matteo-tosihttps://github.com/matteo-tosi
#262https://github.com/security-code-scan/security-code-scan/pull/262
Full Changeloghttps://github.com/security-code-scan/security-code-scan/compare/5.6.6%E2%80%A65.6.7
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#566
#258https://github.com/security-code-scan/security-code-scan/issues/258
Full Changeloghttps://github.com/security-code-scan/security-code-scan/compare/5.6.5%E2%80%A65.6.6
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#565
#257https://github.com/security-code-scan/security-code-scan/issues/257
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#564
#246https://github.com/security-code-scan/security-code-scan/issues/246
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#563
#248https://github.com/security-code-scan/security-code-scan/pull/248
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#562
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#561
#239https://github.com/security-code-scan/security-code-scan/issues/239
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#560
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#521
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#510
scripthttps://github.com/SPoint42/SecurityTools/tree/main/SCDotNet2DefectDojo
Sebastien gioriahttps://github.com/SPoint42
DefectDojohttps://github.com/DefectDojo/django-DefectDojo
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#500
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#353
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#352
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#350
@watfordgnfhttps://github.com/watfordgnf
@indy-singhhttps://github.com/indy-singh
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#340
ReportAnalysisCompletionhttps://github.com/security-code-scan/security-code-scan/commit/792c265cd218ea7abb8433d52ca159eb90ab91ae#diff-34b8f54577569f3aae468b7f58cc5d02
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#330
@kevin-montrosehttps://github.com/kevin-montrose
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#320
#117https://github.com/security-code-scan/security-code-scan/issues/117
#71https://github.com/security-code-scan/security-code-scan/issues/71
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#310
Andrei!https://github.com/zaichenko
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#300
contributorshttps://github.com/security-code-scan/security-code-scan/graphs/contributors
issues or feature requestshttps://github.com/security-code-scan/security-code-scan/issues?utf8=%E2%9C%93&q=is%3Aissue
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#280
microsoft/dotnet 2.1 docker containerhttps://hub.docker.com/r/microsoft/dotnet/
SecurityCodeScan.VS2017 NuGet packagehttps://www.nuget.org/packages/SecurityCodeScan.VS2017
built-in configurationhttps://github.com/security-code-scan/security-code-scan/blob/master/SecurityCodeScan/Config/Main.yml
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#271
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#270
Insecure deserialization analyzershttps://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#SCS0028
Json.NEThttps://www.newtonsoft.com/json
BinaryFormatterhttps://msdn.microsoft.com/en-us/library/system.runtime.serialization.formatters.binary.binaryformatter(v=vs.110).aspx
FastJSONhttps://github.com/mgholam/fastJSON
JavaScriptSerializerhttps://msdn.microsoft.com/en-us/library/system.web.script.serialization.javascriptserializer(v=vs.110).aspx
DataContractJsonSerializerhttps://msdn.microsoft.com/en-us/library/system.runtime.serialization.json.datacontractjsonserializer(v=vs.110).aspx
NetDataContractSerializerhttps://msdn.microsoft.com/en-us/library/system.runtime.serialization.netdatacontractserializer(v=vs.110).aspx
XmlSerializerhttps://msdn.microsoft.com/en-us/library/system.xml.serialization.xmlserializer(v=vs.110).aspx
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#261
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#260
See how to enable.https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#AnalyzingConfigFiles
https://patch-diff.githubusercontent.com/security-code-scan/security-code-scan.github.io#250
https://github.com/security-code-scan/security-code-scan/tree/vs2019/website
security-code-scan.github.iohttps://security-code-scan.github.io