Published on May 15th, 2013 📆 | 5564 Views ⚑0
SCIP – Indentify, Enumerate and Execute Invisible ASP.net Controls
SCIP is an OWASP ZAP extension designed to assess the security of ASP.net and Mono applications, while abusing platform specific behaviors and misconfigurations.
Rebuild the event validation whenever possible (MAC=off)
Execute invisible controls when either one of the security features is turned OFF, or when there is a server-side callback implementation flaw.
Execute disabled controls and commented out controls regardless of security
Support additional manual techniques for executing controls despite the security features.