Last post Dec 07, 2015 05:54 PM by desertfoxaz
Dec 02, 2015 10:53 PM|desertfoxaz|LINK
We had a third-party security audit and they found a bunch of things that needed to be corrected. We fixed all of them, except for one. They claim we still have a problem with Cross Frame Scripting and clickjacking. The test put out login page within
a frame in a page on a completely different website, which could be exploited. While it is considered a low threat, my boss wants me to resolve this.
What we did originally was put this in the web.config:
<add name="X-Frame-Options" value="SAMEORIGIN" />
found a solution for this problem?
Dec 07, 2015 05:54 PM|desertfoxaz|LINK
This is a non-issue...My original solution does work. The test results I had were from before we made this change.