Tagged Content List
  • Blog Post: FxCop ASP.NET Security Rules release

    The FxCop ASP.NET security rules have finally been released after being used for quite some time internally. You can read more about it in this month's MSDN Magazine at http://msdn.microsoft.com/en-us/magazine/gg490350.aspx. The rules are available on CodePlex at http://fxcopaspnetsecurity.codeplex...
  • Blog Post: Strict Transport Security ASP.NET Module

    I’ve been tackling the problem of users connecting to online services from untrusted networks. At work we typically call this the “Starbucks” scenario, where a user is connecting to a random Wi-Fi network and accessing corporate data through online services. For the majority of the cases, the browser is used to...
  • Blog Post: Using ValidateRequest to detect when XSS is occurring

    To limit the risk of Cross-Site Scripting (XSS) attacks, ASP.NET 2.0 introduced a way to detect such attacks and automatically reject the request. This functionality is exposed by PagesSection.ValidateRequest and is turned on by default. This should not be considered a foolproof solution...
  • Blog Post: Watch out for scheme relative urls

    Doing my usual random code browsing yesterday, I stumbled on a method that piqued my curiosity. The intent of the method is to only allow redirects to relative paths. If the redirect is not a relative path, it is rejected. Let’s look at the implementation. public static void SafeRedirect( HttpResponse...
  • Blog Post: Lessons Learned at Windows Live by Using ASP.NET MVC

    We published a new security whitepaper based on our experience with ASP.NET MVC. The whitepaper is available at http://www.microsoft.com/downloads/details.aspx?FamilyID=7606f801-70c5-49ca-a18c-91d4ed725833&displaylang=en