Lessons Learned at Windows Live by Using ASP.NET MVC

We published a new security whitepaper based on our experience with ASP.NET MVC. The whitepaper is available at http://www.microsoft.com/downloads/details.aspx?FamilyID=7606f801-70c5-49ca-a18c-91d4ed725833&displaylang=en


FxCop rule to verify the use of ASP.NET MVC AntiforgeryTokenAttribute

I’ve been working on code auditing for a project that makes use of the latest ASP.NET MVC API. It turned out that it didn’t benefit from the built-in CSRF mitigation available since the preview 5 version of the API. The mitigation is quite simple: it generates tokens and validates them inside controller actions. As usual, I rather…