System.Security.SecureString Part II

Second part of the SecureString blog post. Check it out at Thanks RV

How the Anti-XSS 3.0 SRE Works

Published a new blog on how SRE works internally. Kind of a starter course on Anti-XSS SRE code. Check it out at How the Anti-XSS 3.0 SRE Works. Thanks RV

Anti-XSS Webcast

On January 9th there will be a webcast on TechNet about Anti-XSS v3.0. This will showcase some of the improvements made to the Anti-XSS library. The webcast registration URL is Thanks RV

Security Deployment Review Tool Webcast

A deployment review is a process to check a host for security settings, mostly those that affect the applications hosted on it. A TechNet webcast has been scheduled to reveal an automated tool to check for deployment security settings. The webcast is on 12/15/2008 from 10:30 AM to 11:30 AM and the following is the…

Oslo M Language

The M language is awesome; I have been experimenting with it for quite some time now. It allows you to create models of types in a descriptive language. The idea behind the M language is to capture developers' intent in a descriptive language for modeling purposes. Additionally, it converts these types into SQL schema for application…


From a security perspective what’s wrong with this code?

    <html>
    <head>
    <title>Welcome Page</title>
    <script language="JavaScript">
    function openNewWindow()
    {
    '<%=Server.HtmlEncode(Request.QueryString["URL"])%>');
    }
    </script>
    </head>
    <body>
    Welcome <%=Context.User.Identity.Name %>
    <br/>
    Click <a href="javascript:openNewWindow();">here</a>
    to open the link in new window.
    </body>
    …

Developer Security IQ

There is a very good article in MSDN Magazine about security bugs. A good Q&A to determine your security IQ. Check it out at In this spirit I will try to post some security Q&A, especially on web and Windows applications.

OWASP MN Mini Conference

This Tuesday I spoke at the OWASP MN mini conference at the University of Minnesota’s St. Paul Student Center. Had some very impressive speakers, Brian Chess, Richard Stallman and Jeff Williams. I spoke about our CISF framework and tools. Thanks RV

Security Runtime Engine

We have been working on this project for some time now. It is an HTTP module to protect web applications from certain attacks. Thanks RV

System.Security.SecureString in .NET

Varun in our team has posted part I of a series about SecureString in .NET. Awesome blog entry that talks about internal details of how secure strings work in .NET, with some samples. Check it out at Thanks RV