Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
FxCop ASP.NET Security Rules release
The FxCop ASP.NET security rules have finally been released after being used for quite some time...
Date: 12/13/2010
Strict Transport Security ASP.NET Module
I’ve been tackling the problem of users connecting to online services from untrusted network. At...
Date: 05/11/2010
Using ValidateRequest to detect when XSS is occuring
In a way to limit the risk of Cross-Site Scripting (XSS) attacks, ASP.NET 2.0 introduced a way to...
Date: 04/28/2010
Lessons Learned at Windows Live by Using ASP.NET MVC
We published a new security whitepaper base on our experience with ASP.NET MVC. The whitepaper is...
Date: 12/08/2009
Fxcop rule to verify the use of ASP.NET MVC AntiforgeryTokenAttribute
I’ve been working on code auditing for a project that makes use of the latest ASP.NET MVC api....
Date: 01/07/2009
Checking for ViewStateUserKey using FxCop
ASP.NET has had a mitigation to prevent against CSRF/One-Click attacks since 1.1 with the use of...
Date: 09/25/2008
Fxcop HtmlSpotter - Spotting ASP.NET XSS using Fxcop and Html encoding document
In my previous post, I provided a list of which ASP.NET HTML control property that offers automatic...
Date: 09/18/2008
Which ASP.NET Controls Automatically Encodes?
I've had a lot of people ask me which ASP.NET control offers automatic html encoding and the answer...
Date: 09/02/2008