Browse by Tags

Tagged Content List
  • Blog Post: Using ValidateRequest to detect when XSS is occurring

    To limit the risk of Cross-Site Scripting (XSS) attacks, ASP.NET 2.0 introduced a way to detect such attacks and automatically reject the request. This functionality is exposed by the PageSections.ValidationRequest and is turned on by default. This should not be considered a foolproof solution...
  • Blog Post: Fxcop HtmlSpotter - Spotting ASP.NET XSS using Fxcop and Html encoding document

    In my previous post, I provided a list of which ASP.NET HTML control properties offer automatic HTML encoding. As a side note, I was made aware that an older version of that file is available from the support files of the Hunting Security Bugs book. I initially received this document from Tom Gallagher...
  • Blog Post: Which ASP.NET Controls Automatically Encodes?

    I've had a lot of people ask me which ASP.NET control offers automatic HTML encoding, and the answer I had for a long time was to look at MSDN or even write a quick sample and test the behavior. If you are asking yourself the same question, you can now use the attached document to see if the control if...