Difference between revisions of ".NET AntiXSS Library"

Revision as of 02:29, 15 April 2014

(NOTE:) This content is a work in progress and all contribution is welcome. Please contact Jeff Knutson (User:Jeff Knutson) with questions, ideas, corrections, etc.

1 Overview
2 Options
3 TODO
- 3.1 Now
- 3.2 Future

Overview

Cross site scripting (XSS) continues to show up on the as a top vulnerability.

Options

Microsoft AntiXSS Library
- Available in ASP.NET 4.5 in the System.Web.Security.AntiXss namespace
- Available prior to ASP.NET 4.5 via NuGet: (https://www.nuget.org/packages/AntiXSS/) Install-Package AntiXSS (currently v4.2.1 as of 4/12/2014)
  - Using Microsoft AntiXSS as the default encoder in ASP.NET instructions (Phil Haack has a good link on this already: http://haacked.com/archive/2010/04/06/using-antixss-as-the-default-encoder-for-asp-net.aspx/)
Microsoft Web Protection Library (WPL) - via http://wpl.codeplex.com/workitem/17246
OWASP Anti-Samy Library (https://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project_.NET)
- Not recently maintained (good option for to get it up to date and relevant!!!)

TODO

Now

Look at the Microsoft implementations
See what work has already been done in the OWASP space for XSS
See what other work has been done for XSS (both .NET and other technology stacks)
Illustrate vulnerabilities and how to mitigate them (e.g. WebGoat)

Future

Dream big here!

@@ Line 1: / Line 1: @@
 (NOTE:) This content is a work in progress and all contribution is welcome.  Please contact Jeff Knutson ([[User:Jeff Knutson]]) with questions, ideas, corrections, etc.
-== Problem Overview ==
+== Overview ==
 Cross site scripting (XSS) continues to show up on the [[Category:OWASP_Top_Ten_Project|OWASP Top Ten Project]] as a top vulnerability.

Difference between revisions of ".NET AntiXSS Library"

Revision as of 02:29, 15 April 2014

Overview

Options

TODO

Now

Future

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools