Eugene Siu's Thoughts on Security

Share my latest security research and techniques

Browse by Tags

Tagged Content List
  • Blog Post: ASP.NET ValidateRequest does not mitigate XSS completely

    As a security guy, I can safely say that there is no magic bullet to mitigate any security problems completely, and cross-site scripting(XSS) bugs are not exceptions. Since ASP.NET 1.1, ValidateRequest can be configured in web.config to check and reject dangerous inputs, and HttpRequestValidationException...
  • Blog Post: What is the maximum size of post requests to IIS?

    ASP applications are protected, but what happens to non-ASP requests? Currently, there is no limit. MaxRequestEntityAllowed is currently not set, but ASPMaxRequestEntityAllowed is set to 200k ASP is simply a type of ISAPI, so obviously, the more restrictive of the two will apply for ASP. MaxRequestEntityAllowed...
Page 1 of 1 (2 items)