Configuration Options to Secure ASP.NET Application

If you have an ASP.NET website on the internet, make sure to implement the following configuration steps to secure it.

Block libwww-perl attack in ASP.NET Application hosted in IIS – Follow this article to configure this.

Some response headers reveal technical details about the server and must be removed. For example, a sample response from an ASP.NET application may look like this

In this response, the “Server”, “X-AspNet-Version” and “X-Powered-By” headers reveal technical details about the server. We can remove these unnecessary IIS response headers as follows.

Remove “X-Powered-By” Header – Open web.config and check for the customHeaders tag. If it is not already there, add it as a child of “<httpProtocol>” and add a “remove” entry for X-Powered-By as shown below

You should also check the response from your ASP.NET application if it is on shared hosting, which may add additional server-specific information to the response headers. Add a remove entry for all such headers in your web.config.

Remove “X-AspNet-Version” Header[…]

Quick Tip

WebP Image Fallback Options

WebP is a relatively new image format which provides lossless and lossy compression for web images. It was developed and released by Google in 2010. According to Google, the WebP format saves around 25-30% of image size, which is a big saving for image-heavy sites. Even for normal sites, it saves a lot of network bandwidth and results in an overall performance improvement of a web site (in turn a better ranking by search engines). Even though this format has been there since 2010, it is still not supported by all browsers. The good thing is that it is natively supported in Google Chrome and the Opera browsers, which cover a bigger chunk of browser market share. For mobile sites this format has become a necessity to optimize the load time of websites on mobile. Google provides tools to convert images from one format (png, jpg etc.) to webp and vice versa: https://developers.google.com/speed/webp/ If we are using webp format of[…]

Pixel Drawings

A little online tool (Pixel Draw) I made a while back to test out my creativity has attracted some very creative people from around the globe. I recently checked out archived images and have been pleasantly surprised to see some very creative designs. Below are a few examples. Thanks to the original creators. More such drawings @ http://www.netexl.com/pixeldraw/drawings

Quick Tip

Configure X-XSS-Protection in ASP.NET

To enable the X-XSS-Protection header in IIS, add the following to your site’s Web.config file.

Read more about X-XSS-Protection header here.

“App not Installed” Error on Android When Updating to Newer Version

I recently updated an old Cordova Android app and tried to install it on my Android phone, which already had the previous version installed, and the install failed with the message “App Not Installed”. Other than updating the Android version and a couple of plugins, everything else was the same as before, and I had correctly changed “android-versionCode” as well as “version” to a higher number, so nothing looked wrong. But I suspected it had something to do with either the version code or the certificates I was using to sign the app, so I decided to look into the previous APK file and try to find something out. We can use the AAPT tool to look into APK files, which can be found in the build-tools\<buildToolVersion> folder (for example, C:\Program Files (x86)\Android\android-sdk\build-tools\23.0.1). Go to the folder and run the following command in the command prompt

It turned out that though I had android-versionCode code in my config[…]