Using ValidateRequest to detect when XSS is occurring

To limit the risk of Cross-Site Scripting (XSS) attacks, ASP.NET 2.0 introduced a way to detect such attacks and automatically reject the request. This functionality is exposed by PagesSection.ValidateRequest and is turned on by default. This should not be considered a foolproof solution against XSS but a good…

FxCop HtmlSpotter - Spotting ASP.NET XSS using FxCop and HTML encoding document

In my previous post, I provided a list of which ASP.NET HTML control properties offer automatic HTML encoding. As a side note, I was made aware that an older version of that file is available from the support files of the Hunting Security Bugs book. I initially received this document from Tom Gallagher's team and made…

Which ASP.NET Controls Automatically Encode?

I’ve had a lot of people ask me which ASP.NET controls offer automatic HTML encoding, and the answer I had for a long time was to look at MSDN or even write a quick sample and test the behavior. If you are asking yourself the same question, you can now use the attached document to…
