Improving Web Application Security: Threats and Countermeasures
| Check | Description |
|---|---|
|
| Anonymous authentication is disabled in IIS. |
|
| ASP.NET is configured for Windows authentication. |
|
| Client credentials are configured at the client through the proxy object. |
|
| Authentication connection sharing is used to improve performance. |
|
| Clients are forced to authenticate on each call ( unsafeAuthenticatedConnectionSharing is set to "false"). |
|
| connectionGroupName is specified to prevent unwanted reuse of authentication connections. |
|
| Plain text credentials are not passed over the network. |
|
| IPrincipal objects passed from the client are not trusted. |
Категории