Link to this headingView State
On Websites that use ASP.NET the view state is used to control properties and variables of the page. This information is embedded in the webpage and is sent back to the server on requests. Usually only in POST requests.
Information in the View state includes:
EventValidation: checks the incoming values in a POST to ensure the values are known, good values.ViewStateUserKey: Add a session ID to the view state to protect against CSRF.ValidateAntiForgeryToken: Requires all POST forms to have a CSRF tokenViewStateMac: MAC used to prevent modification of the data.ViewStateEncryption: If set used to encrypt the viewstate.
Link to this headingObtaining a Machine Key
https://notsosecure.com/project-blacklist3r/
Blacklist3r: If the application uses pre-shared machine key
Directory Traversal attack to get access to web.config file
Information Disclosure