BREACH
attack -
1. Disabling
HTTP compression
2. Separating
secrets from user input
3. Randomizing
secrets per request
4. Masking
secrets (effectively randomizing by XORing with a random secret per request)
5. Protecting
vulnerable pages with CSRF
6. Length
hiding (by adding random number of bytes to the responses)
7. Rate-limiting
the requests
This is reported by this tool - https://acunetix.com/
How
To Prevent BREACH attacks in ASP.NET MVC 5 Apps? How do we implement them?
The Points will need to be Implements to Prevent the
BREACH Attacks -
1. Implement
the CSRF attacks on every form.
2. Encrypt
all sensitive information within the response body.
3. Disabling
HTTP compression in IIS and the BREACH ATTACH issue was no longer raise by our
security scans by acunetix.com
How
To Disabling HTTP compression?
Disabling
HTTP Compression - Windows 8 or Windows 8.1
The Steps Are -
1. Go
to Start => Control Panel
2. Control
Panel => Programs and Features and click on Turn Windows features on or off
3. Expand
Internet Information Services
4. Expand
World Wide Web Services
5. Expand
Performance Features
6. Select
Dynamic Content Compression and Static Content Compression
7. Ok
8. Close
Disabling
HTTP compression - Windows Server 2012 or Windows Server 2012 R2
The Steps Are -
1. GO
to Server Manager
2. Click
the Manage menu
3. Click
Add Roles and Features
4. Add
Roles and Features wizard
5. Click
to Next button
6. Select
the installation type
7. Click
to Next button
8. Select
the destination server
9. Click
to Next button
10. Server
Roles
11. Expand
Web Server (IIS)
12. Expand
Web Server
13. Expand
Performance
14. Select
Static Content Compression and Dynamic Content Compression
15. Click
to Next button
16. Select
features
17. Click
Next button
18. Confirm
installation selections
19. Click
to Install
20. Close
How
To Enable or Disable Static and Dynamic Compression for a site or application?
The steps to enable or disable static and dynamic
compression for a site -
1. Open
Internet Information Services (IIS) Manager
2. Go
to IIS application directory and select the site for enable or disable
compression
3. Go
to Home
4. Go
to Compression and double click
5. Check
the check-boxes to enable static and dynamic compression or remove the
compression.
6. Once
you have completed the above steps, click Apply in the actions pane.
References
-
I hope you are
enjoying with this post! Please share with you friends. Thank you!
|
Anil Singh is an author, tech blogger, and software programmer. Book writing, tech blogging is something do extra and Anil love doing it. For more detail, kindly refer to this link..
|
