Sacha Faust Web Security Blog
Checking for ViewStateUserKey using FxCop
Posted over 5 years ago by TheFaust | 0 Comments
ASP.NET has had a mitigation to prevent CSRF/One-Click attacks since 1.1 with the use of the Page.ViewStateUserKey property. I've implemented a basic FxCop rule to verify if this property is used on each page. The rule is basic so it doesn't look...
Fxcop HtmlSpotter - Spotting ASP.NET XSS using Fxcop and Html encoding document
Posted over 5 years ago by TheFaust | 3 Comments
In my previous post, I provided a list of which ASP.NET HTML control properties offer automatic HTML encoding. As a side note, I was made aware that an older version of that file is available from the support files of the Hunting Security Bugs book...
Which ASP.NET Controls Automatically Encodes?
Posted over 5 years ago by TheFaust | 4 Comments
I've had a lot of people ask me which ASP.NET control offers automatic HTML encoding and the answer I had for a long time was to look at MSDN or even write a quick sample and test the behavior. If you are asking yourself the same question, you can now...