How To Prevent BREACH Attack in ASP.NET MVC 5 Apps?

BREACH attack -
1.     Disabling HTTP compression
2.     Separating secrets from user input
3.     Randomizing secrets per request
4.     Masking secrets (effectively randomizing by XORing with a random secret per request)
5.     Protecting vulnerable pages with CSRF
6.     Length hiding (by adding random number of bytes to the responses)
7.     Rate-limiting the requests
This is reported by this tool -

How To Prevent BREACH attacks in ASP.NET MVC 5 Apps? How do we implement them?
The Points will need to be Implements to Prevent the BREACH Attacks -
1.     Implement the CSRF attacks on every form.
2.     Encrypt all sensitive information within the response body.
3.     Disabling HTTP compression in IIS and the BREACH ATTACH issue was no longer raise by our security scans by

How To Disabling HTTP compression?

Disabling HTTP Compression - Windows 8 or Windows 8.1
The Steps Are -
1.     Go to Start => Control Panel
2.     Control Panel => Programs and Features and click on Turn Windows features on or off
3.     Expand Internet Information Services
4.     Expand World Wide Web Services
5.     Expand Performance Features
6.     Select Dynamic Content Compression and Static Content Compression
7.     Ok
8.     Close

Disabling HTTP compression - Windows Server 2012 or Windows Server 2012 R2
The Steps Are -
1.     GO to Server Manager
2.     Click the Manage menu
3.     Click Add Roles and Features
4.     Add Roles and Features wizard
5.     Click to Next button
6.     Select the installation type
7.     Click to Next button
8.     Select the destination server
9.     Click to Next button
10.  Server Roles
11.  Expand Web Server (IIS)
12.  Expand Web Server
13.  Expand Performance
14.  Select Static Content Compression and Dynamic Content Compression
15.  Click to Next button
16.  Select features
17.  Click Next button
18.  Confirm installation selections
19.  Click to Install
20.  Close

How To Enable or Disable Static and Dynamic Compression for a site or application?
The steps to enable or disable static and dynamic compression for a site -
1.     Open Internet Information Services (IIS) Manager
2.     Go to IIS application directory and select the site for enable or disable compression
3.     Go to Home
4.     Go to Compression and double click
5.     Check the check-boxes to enable static and dynamic compression or remove the compression.
6.     Once you have completed the above steps, click Apply in the actions pane.
References -  

I hope you are enjoying with this post! Please share with you friends. Thank you!

Anil Singh is an author, tech blogger, and software programmer. Book writing, tech blogging is something do extra and Anil love doing it. For more detail, kindly refer to this link..

My Tech Blog -
My Books - Book 1 and Book 2 Powered by Blogger.