Input Validation Resources for ASP.NET

Anil John points out some good resources for dealing with input in ASP.NET:


One of the basic tenets of secure coding is that ALL input is EVIL and should be validated and sanitized before being allowed into the application. This is also definitely an area where a lot of mistakes can be made.


The PAG folks have written a set of modular How-Tos to tackle the finer points of injection attacks and as such implement effective input validation in your ASP.NET Applications. The guidance covers both .NET 1.1 and 2.0.


Check them out:



Very important information…read it, and live it.

Comments (4)

  1. AIM48 says:

    I posted this suggestion to product feedback – it might be useful to ensure that the data is validated

  2. 25 SQL Commandments [Via: Paschal L ]

    ASP.NET Podcast #16 – Interview with Miljan Braticevic [Via:…

  3. Stefan Broenner says:

    There is a real nice product out there that handles security and input validation way better than the Microsoft stuff (and comes with the best documentation I have seen so far for ANY commercial component): Peter Blum Validation and More and Visual Input Security:

  4. .NET 2.0 University – Code Samples for Beta 2 [Via: ]

    Another Least Privilege Site…