AJAX approach to localizing Date Time

I am pretty confident most of you people out there have developed web applications for global use which display date time according to the user’s local time zone. Although it is possible to do this on the server side, it is very efficient and easy to do this on the client side specially on the…

Anti-XSS Webcast

On January 9th there will be a webcast on technet about Anti-XSS v3.0. This will showcase some of the improvements done to the Anti-XSS library. The webcast registration url is http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032398771&Culture=en-US. Thanks RV

OWASP MN Mini Conference

This Tuesday I was spoke at the OWASP MN mini conference at the University of Minnesota’s St. Paul Student Center. Had some very impressive speakers, Brian Chess, Richard Stallman and Jeff Williams. I spoke about our CISF framework and tools. http://www.owasp.org/index.php/OWASP_Minneapolis_St_Paul_2008_Conference Thanks RV

Security Runtime Engine

We have been working on this project for some time now. It is a http module to protect web applications from certain attacks. http://blogs.msdn.com/cisg/archive/2008/10/24/a-sneak-peak-at-the-security-runtime-engine.aspx Thanks RV

AntiXss Encoding and ASP.NET Data Binding

It’s been a while since I posted my last blog entry. This time it is on few ASP.NET data binding scenarios and how you should use AntiXss encoding. Very important for ASP.NET developers. Check it out on our team blog at http://blogs.msdn.com/cisg/archive/2008/10/01/asp-net-data-binding-and-antixss-encoding.aspx Anil RV

HTML Encoding of ASP.NET Controls

Ever wonder which controls need HTML encoding, this is a developer nightmare. We have looked at some common controls that most of developers use and determined which properties need HTML encoding. I have posted the blog entry on our team site, check it out at http://blogs.msdn.com/cisg/archive/2008/09/17/which-asp-net-controls-need-html-encoding.aspx Thanks RV

How To: Detect Cross Site Scripting Vulnerabilities using XSSDetect

This week I have posted another blog entry on our team site. It is on using automated code analysis tool XSSDetect to detect cross site scripting issues. The tool is freely available on MSDN downloads, check out the blog at http://blogs.msdn.com/cisg/archive/2008/09/01/how-to-detect-cross-site-scripting-vulnerabilities-using-xssdetect.aspx. ThanksAnil RV


Microsoft Teched 2008 australia

I will be at TechEd Australia speaking on behalf of our team on connected information security and our security tools. You will see more blog entires on the session content and tools in coming days. Our session is under Security track and is called Microsoft Connected Information Security (CISF). See you there. TechEd AU Session…

what is the Microsoft AntiXSS Library?

I just posted a blog entry on our team blog site about Microsoft AntiXSS library. Very important for security minded developers, it address one of the top web application security vulnerabilities. Check it out at http://blogs.msdn.com/cisg/archive/2008/08/26/what-is-microsoft-antixss.aspx.