Welcome to MSDN Blogs Sign in | Join | Help

Browse by Tags

All Tags » Anti-XSS   (RSS)
This Blog URL Has Changed – Please Update Your Readers
Things have been quite on the blog for while. There is a LOT of code being cranked out at the moment as we work towards some deadlines in the summer on various projects. Our team name has also changed from the Connected Information Security Group (CISG) Read More...
Posted: Thursday, April 16, 2009 3:52 PM by cisg | 1 Comments
Filed under: , , , , ,
Getting Help for CAT.NET and Anti-XSS
We now have a discussion forum for users of CAT.NET. There is no official support for these tools but you can ask questions and we will try to help wherever we can! CAT.NET - http://social.msdn.microsoft.com/Forums/en-US/catnet/threads/ Anti-XSS - http://www.codeplex.com/AntiXSS/Thread/List.asp Read More...
Posted: Monday, February 23, 2009 2:42 PM by cisg | 1 Comments
Filed under: , , ,
AntiXSS Library V3.0 - Test Harness
Hi, Anil Chintala here… In this post I wanted to talk about the new Test Harness application which was released as part of the AntiXSS V3.0 Beta and is available as a free download on MSDN with source code available for download on CodePlex . Test Read More...
Posted: Monday, January 19, 2009 10:55 AM by cisg | 4 Comments
Filed under: ,
Free MSDN Webcast: Managing Cross-Site Scripting Using CAT.NET and AntiXSS (Level 200)
Language(s): English. Product(s): Security. Audience(s): Developer. Duration: 60 Minutes Start Date: Friday, January 09, 2009 12:00 PM Pacific Time (US & Canada) Register Here Read More...
Posted: Sunday, January 04, 2009 9:36 AM by cisg | 1 Comments
Filed under: , , ,
CAT.NET CTP Links Are Live Again!
Download CAT.NET CTP ( 32 bit here and 64 bit here ) Anti-XSS was not affected but for completeness Download Anti-XSS 3.0 Beta ( here and source code here ) Our sincere apologies. Read More...
Posted: Thursday, December 18, 2008 12:37 AM by cisg | 1 Comments
Filed under: , , ,
How the Anti-XSS 3.0 SRE Works
RV again... Last time around we looked at SRE from a conceptual perspective , this time lets look at from a code perspective. Lets trace the program flow and understand in depth what SRE code does. SRE is a HttpModule, the main class file is AntiXssModule.cs Read More...
Posted: Tuesday, December 16, 2008 11:41 AM by cisg | 1 Comments
Filed under: ,
A Sneak Peak at the Security Runtime Engine
RV here again... Traditionally security fixes are applied to specific pieces of code where a vulnerability exists which usually involves some development and testing effort. Imagine a system where an application is instantly secured by simple configuration. Read More...
Posted: Friday, October 24, 2008 9:14 AM by cisg | 4 Comments
Filed under: ,
ASP.NET Data Binding and AntiXss Encoding
Hi RV here again... Last time I looked at ASP.NET controls and few common scenarios where you need to use encoding. Couple of weeks back we looked at a sample data binding scenario. This time lets exclusively look at various ASP.NET data binding techniques Read More...
Posted: Wednesday, October 01, 2008 10:50 AM by cisg | 2 Comments
Filed under: , ,
Which ASP.NET Controls Need HTML Encoding?
RV here... Last time we saw some some real world XSS examples. This time we will look at which common ASP.NET controls require encoding. Some controls in ASP.NET automatically encode certain properties when rendered, not all the controls do the same. Read More...
Posted: Wednesday, September 17, 2008 9:42 AM by cisg | 4 Comments
Filed under: ,
Real World XSS Vulnerabilities in ASP.NET Code
RV here again... From couple of weeks we have been seeing some XSS vulnerabilities in asp.net code. Today I wanted to show you guys some real world examples ranging from property assignments, data binding and JavaScript building. For each example, I will Read More...
Posted: Wednesday, September 10, 2008 7:00 AM by cisg | 6 Comments
Filed under: ,
How To: Detect Cross Site Scripting Vulnerabilities using XSSDetect
RV again... Last time we saw how to fix a cross site scripting (XSS) vulnerability. This time we look at how we can detect cross site scripting vulnerabilities using automated tools. Being the most common vulnerability found in web applications, it is Read More...
Posted: Monday, September 01, 2008 10:50 PM by cisg | 5 Comments
Filed under: ,
Introduction to Dennis Groves
Dennis Groves here..... Hello, my name is Dennis Groves and I am a Program Manager in the CISG (Connected Information Security Group) at Microsoft. Before joining Microsoft I was a Security Consultant with IBM Security and Privacy Services. At IBM my Read More...
Posted: Friday, August 29, 2008 8:00 PM by cisg | 1 Comments
Filed under: ,
UTF-8 Encoding
Hello there! My name is Andreas Fuchsberger, I am a developer in the CISG team based in Germany. I joined CISG after a short stint with Assessment, Consulting and Engineering (ACE) Team part of the InfoSec in Microsoft IT. I am a relatively new to Microsoft Read More...
Posted: Thursday, August 28, 2008 1:53 PM by cisg | (Comments Off)
Filed under: , , ,
What Does ANTI-XSS Offer for HTML Sanitization?
Hi Vineet here..... My name is Vineet Batta and in keeping with the other introductions here are a few words about myself. I have an engineering degree in Electronics & Communication and have spent quite a lot of time doing security reviews in the Read More...
Posted: Wednesday, August 27, 2008 8:41 PM by cisg | 3 Comments
Filed under: , ,
What is the Microsoft Anti-XSS Library?
RV here..... My full name is Anil Kumar Venkata Revuru but people call me RV around here. I am a Senior Software Development Engineer (SDE in MSFT speak) for CISG where I am responsible for architecting security tools. In my past life at Microsoft I conducted Read More...
Posted: Tuesday, August 26, 2008 9:05 AM by cisg | 7 Comments
Filed under: , , ,
More Posts Next page »
Page view tracker