Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Microsoft .NET ViewState Detection and Decoding

Info

Synopsis

Microsoft .NET ViewState data has been detected.

Description

Microsoft .NET often stores and passes web session state via a ViewState hidden form field. This field is used by the server to store client or server information which is then used as business logic.

Solution

Examine the decoded string to ensure that confidential data is not being included within the ViewState string. Enable hashing of the ViewState string.