Hi
My ASP.NET Web application did not make use of the HTTP Strict Transport Security (HSTS) mechanism.
This could potentially expose users to Man in the Middle (MitM) attacks.
When a web application uses HSTS, it specifies that users must connect using HTTPS and that communication should cease if there are any errors in the certificate chain.
In this way, users are prevented from clicking through certificate errors or accessing the application over a compromised channel.
How do I implement HSTS?
How can I prevent exposing users to Man in the Middle (MitM) attacks?
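
One way to set the header the post asks about, as an added example that is not part of the original post. It assumes a classic ASP.NET (System.Web) application whose TLS terminates at IIS itself. The one-year max-age and the includeSubDomains directive are choices made for the example.

```csharp
// Global.asax.cs (added example, not code from the original post).
// Assumes classic ASP.NET on System.Web, .NET Framework 4.0 or later.
using System;
using System.Web;

public class Global : HttpApplication
{
    // Assumed policy: one year. Keep includeSubDomains only if every
    // subdomain of the site is reachable over HTTPS with a valid certificate.
    private const string HstsValue = "max-age=31536000; includeSubDomains";

    protected void Application_BeginRequest(object sender, EventArgs e)
    {
        HttpRequest request = Context.Request;
        HttpResponse response = Context.Response;

        if (!request.IsSecureConnection)
        {
            // RFC 6797: the HSTS header must not be sent over plain HTTP,
            // and browsers ignore it there. Redirect to HTTPS instead.
            // Caveat: behind a TLS-terminating proxy IsSecureConnection is
            // false for every request, so this check would need to change.
            var target = new UriBuilder(request.Url)
            {
                Scheme = Uri.UriSchemeHttps,
                Port = -1 // -1 selects the default port for the scheme (443)
            };
            response.RedirectPermanent(target.Uri.AbsoluteUri, true);
            return;
        }

        // HTTPS response: tell the browser to refuse plain HTTP and
        // certificate click-through for this host until max-age expires.
        // Set the header in one place only (not also in web.config),
        // otherwise the response carries it twice.
        response.AppendHeader("Strict-Transport-Security", HstsValue);
    }
}
```

The first visit over plain HTTP is still unprotected until the browser has received the header once over HTTPS. Requesting the page over HTTPS and inspecting the response headers confirms that Strict-Transport-Security is present.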