Sakya's Blog

Sometime back I was working on a particular issue which was particularly interesting . They had a website that was configured to use Advanced Digest authentication from IIS , however the peculiar behaviour was that while using fire fox they received multiple authentication prompts for every GET request. Basically a click on any link or even a mere refresh on the current page was causing an authentication prompt. Where as the expected behaviour would be a single auth prompt initially to access the website , much like basic authentication. This worked just as expected on Internet Explorer :) That is when I decided to get to the bottom on this ...

Running a Custom Penetration test  on IIS 6.0 server having SSL enabled may show vulnerability reports as a weak encryption on IIS . ISA server 2000 acts as  proxy in front of the IIS server and also has certificate installed on it. The following is the error report  generated by the Custom penetration test when we have already forced SSL 3.0 , however still have the weak encryption keys supported on the server , which may be used by attackers to exploit man in the middle like attacks on the server.

The following scenarios establish the way the process identity and the thread identity are defined while building asp.net websites and publishing using the IIS webserver.