Browse by Tags

Tagged Content List
  • Blog Post: FxCop rule to verify the use of ASP.NET MVC AntiforgeryTokenAttribute

    I’ve been working on code auditing for a project that makes use of the latest ASP.NET MVC API. It turned out that it didn’t benefit from the built-in CSRF mitigation available since the preview 5 version of the API. The mitigation is quite simple and generates tokens and validates them inside controller actions...
  • Blog Post: Checking for ViewStateUserKey using FxCop

    ASP.NET has had a mitigation to protect against CSRF/One-Click attacks since 1.1 with the use of the Page.ViewStateUserKey property. I've implemented a basic FxCop rule to verify if this property is used on each page. The rule is basic so it doesn't look at what is assigned to the property and only looks...