Tagged Content List
  • Blog Post: FxCop ASP.NET Security Rules release

    The FxCop ASP.NET security rules have finally been released after being used for quite some time internally. You can read more about it in this month's MSDN Magazine at http://msdn.microsoft.com/en-us/magazine/gg490350.aspx. The rules are available on CodePlex at http://fxcopaspnetsecurity.codeplex...
  • Blog Post: Watch out for scheme relative urls

    Doing my usual random code browsing yesterday, I stumbled on a method that piqued my curiosity. The intent of the method is to only allow redirects to relative paths. If the redirect is not a relative path, it is rejected. Let’s look at the implementation. public static void SafeRedirect( HttpResponse...
  • Blog Post: Fxcop HtmlSpotter - Spotting ASP.NET XSS using Fxcop and Html encoding document

    In my previous post, I provided a list of which ASP.NET HTML control properties offer automatic HTML encoding. As a side note, I was made aware that an older version of that file is available from the support files of the Hunting Security Bugs book. I initially received this document from Tom Gallagher...
  • Blog Post: Which ASP.NET Controls Automatically Encodes?

    I've had a lot of people ask me which ASP.NET control offers automatic HTML encoding, and the answer I had for a long time was to look at MSDN or even write a quick sample and test the behavior. If you are asking yourself the same question, you can now use the attached document to see if the control if...