Hi all,
My client tested my ASP website application with IBM Rational AppScan software. During that I got the following security report issues:
1. Temporary File Download/Alternate Version of File Detected
Remediation Tasks: Remove old versions of files from the virtual directory
How can I remove the old version of the virtual directory from IIS, or any other?
2. Unencrypted Login Request
Remediation Tasks: Always use SSL and POST (body) parameters when sending sensitive information
Reasoning: AppScan identified a password parameter that was not sent over SSL
3. Session Identifier Not Updated
Remediation Tasks: Do not accept externally created session identifiers
Reasoning: One or more session identifiers were not updated in the response
4. Cross-Site Request Forgery
Remediation Tasks: Decline malicious requests
Reasoning: The test response is identical to the original valid response, meaning that the login attempt was successful, although it included hazardous characters.
How can I clear the above issues? Kindly share your ideas.
Thanks,
raju.R
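
For finding 1, one way to locate the leftover copies before removing them, as an added example that is not part of the original post: the script walks the physical path behind the virtual directory and reports files that look like backups or copies of live pages. The extension list, the name patterns and the sample file names are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumed lists; extend them to match the site and the tools its developers use.
LIVE_EXTS = {".asp", ".aspx", ".asa", ".inc", ".config", ".htm", ".html", ".js"}
BACKUP_SUFFIX = re.compile(r"(\.(bak|old|orig|tmp|temp|save|swp)|~|\.\d+)$", re.I)
COPY_STEM = re.compile(
    r"^(copy of |backup of )|( - copy( \(\d+\))?|[_-](old|bak|backup|copy)\d*)$", re.I)


def classify(path: Path):
    """Return why a file looks like an alternate version, or None if it does not."""
    hit = BACKUP_SUFFIX.search(path.name)
    if hit and Path(path.name[:hit.start()]).suffix.lower() in LIVE_EXTS:
        # e.g. login.asp.bak: not a script extension any more, so it may be served as text
        return "backup suffix after a live extension"
    if path.suffix.lower() in LIVE_EXTS and COPY_STEM.search(path.stem):
        # e.g. "Copy of login.asp" or users_old.asp: still a live page, but unmaintained
        return "copy/old marker in a live file name"
    return None


def find_alternate_versions(web_root):
    """Walk the virtual directory's physical path and list (relative path, reason)."""
    root = Path(web_root)
    findings = []
    for path in sorted(root.rglob("*")):
        if path.is_file() and (reason := classify(path)):
            findings.append((path.relative_to(root).as_posix(), reason))
    return findings


def demo():
    """Build a constructed sample site in a temp directory and scan it."""
    names = ["default.asp", "login.asp", "login.asp.bak", "Copy of login.asp",
             "admin/users_old.asp", "admin/users.asp", "web.config.1", "notes.txt"]
    with tempfile.TemporaryDirectory() as tmp:
        for n in names:
            f = Path(tmp, n)
            f.parent.mkdir(parents=True, exist_ok=True)
            f.write_text("constructed sample\n")
        return find_alternate_versions(tmp)


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```

To use it on a real site, call `find_alternate_versions` with the physical path the virtual directory points to and review each reported file before deleting it.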