I have a page that filters a recordset, creates a session variable, then redirects.
I ran a scan and found the following vulnerabilities:
Server responded 200 to unnecessarily large random request body(over 64 KB) for URL https://www.domain
... etc ... , significantly increasing attacker's chances to prolong slow HTTP POST attack.
It has been detected by exploiting the parameter ASPSESSIONIDSUTBABRD
The payloads section will display a list of tests that show how the param could have been exploited to collect the information
In order to detect this content, no authentication has been required.
Here is the path followed by the scanner to reach the exploitable URL:
How can I secure this page to prevent these errors from happening?