Sacha Faust Web Security Blog

FxCop ASP.NET Security Rules release

The FxCop ASP.NET security rules have finally been released after being used for quite some time...

Author: TheFaust Date: 12/13/2010

Strict Transport Security ASP.NET Module

I’ve been tackling the problem of users connecting to online services from untrusted networks. At...

Author: TheFaust Date: 05/11/2010

Using ValidateRequest to detect when XSS is occurring

In a way to limit the risk of Cross-Site Scripting (XSS) attacks, ASP.NET 2.0 introduced a way to...

Author: TheFaust Date: 04/28/2010

Lessons Learned at Windows Live by Using ASP.NET MVC

We published a new security whitepaper based on our experience with ASP.NET MVC. The whitepaper is...

Author: TheFaust Date: 12/08/2009

Fxcop rule to verify the use of ASP.NET MVC AntiforgeryTokenAttribute

I’ve been working on code auditing for a project that makes use of the latest ASP.NET MVC api....

Author: TheFaust Date: 01/07/2009

Checking for ViewStateUserKey using FxCop

ASP.NET has had a mitigation to prevent against CSRF/One-Click attacks since 1.1 with the use of...

Author: TheFaust Date: 09/25/2008

Fxcop HtmlSpotter - Spotting ASP.NET XSS using Fxcop and Html encoding document

In my previous post, I provided a list of which ASP.NET HTML control property that offers automatic...

Author: TheFaust Date: 09/18/2008

Which ASP.NET Controls Automatically Encodes?

I've had a lot of people ask me which ASP.NET control offers automatic html encoding and the answer...

Author: TheFaust Date: 09/02/2008