My blog has moved and can now be found at http://blog.aniljohn.com

No action is needed on your part if you are already subscribed to this blog via e-mail or its syndication feed.

Tuesday, March 2, 2004
« Microsoft Security Guidance Kit CD v1.0 ... | Main | Smart Client Offline Application Block f... »

Anil John posted some observations about cross-site scripting attacks and the mitigations offered by ASP.NET 1.1:

ASP.NET 1.1 provides auto-protection from scripting attacks
Did you know that ASP.NET v1.1 automatically checks for possible scripting attacks when users enter info into you forms? I didn't! I learned it in my prep for my DevDays session.

Matt Lyons did an XSS demo explaining some of this at the 2003 PDC Security Symposium. His demo is in the middle session: SECSYM2 - Security Symposium: Putting Security Theory Into Practice: Processes and Policies. Check it out here. You need to navigate through the Symposia heading.
 
My friend from Vermont, Julie Lerman [1] posted the original info.. I and others just chimed in with additional observations.
 
The link to the PDC Security Symposium that Brian noted can be found @
http://microsoft.sitestream.com/PDC2003/Default.htm
 
Also, be sure to check out Shanku Niyogi's insight into the feature [2].  Shanku “.. leads the program management team responsible for design of both ASP.NET and Microsoft’s web development toolset in Visual Studio.NET“  As such, he has a behind the scenes take on the feature.
 
Also check out Victor's post [3] on this topic as well.
 
 

[Now Playing: O Haseena Zulfon Wali - Dil Vil Pyar Vyar]

Tags:: Security
3/2/2004 10:28 AM Eastern Standard Time  |  Comments [0]  |  Disclaimer  |  Permalink   
Comments are closed.