ViewState: Encrypted or Encoded?
Filed under: Security
One of the many ways to maintain state within an ASP.Net application is to use the ViewState. ViewState is sent to the client embedded in the HTML response. The ViewState can be found by viewing the page source and looking for the hidden __VIEWSTATE tag (seen below). <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUJNzgzNDMwNTMzDxYCHglGaXJzdE5hbWUFBUphbWVzZGTh6rDFbP6RwQU6igzX8 vn5IrEPyQ==" /> Looking at the ViewState above ...
Security Awareness
I have been working with application security for the past few years while doing my normal day to day development. I am very active in the security community and it always blows my mind how many developers are still uneducated about security. I believe that the trends of the hackers has moved from ...
Follow Us
