I was once presented with the following question as part of a job interview: ‘You have a web page that is running slowly. How do you find out why it’s running slowly?’ I really enjoyed answering this question and have used it myself when conducting interviews. Why do I like it? Firstly, it shows how someone approaches a problem and how they can systematically work through it. Secondly, there is no single correct answer, but many possible solutions.
When performing a penetration test on a .Net Core web site to find security vulnerabilities, some common issues may be found that are not handled by the default .Net Core template in Visual Studio. One of the tools I use to carry out penetration tests is the Zed Attack Proxy (ZAP), which is part of the Open Web Application Security Project (OWASP).
Below is a list of some of the common alerts that may be flagged by ZAP or similar tools, and how to fix each one in .