
.NET AntiXSS Library

From OWASP
Revision as of 17:04, 14 April 2014 by Jeff Knutson (talk | contribs) (Created page with "(NOTE:) This content is a work in progress and all contribution is welcome. Please contact Jeff Knutson (User:Jeff Knutson) with questions, ideas, corrections, etc. == P...")


(NOTE:) This content is a work in progress and all contributions are welcome. Please contact Jeff Knutson (User:Jeff Knutson) with questions, ideas, corrections, etc.

Problem Overview

Cross-site scripting (XSS) continues to show up as a top vulnerability.

.NET specific concerns

  • TODO: ASP.NET 4.5 built-in support for AntiXSS
  • TODO: the AntiXSS project


Instructions for using AntiXSS as the default encoder in ASP.NET

TODO: Phil Haack has a good link on this already: http://haacked.com/archive/2010/04/06/using-antixss-as-the-default-encoder-for-asp-net.aspx/


TODO

Now

  • Look at the Microsoft implementations
  • See what work has already been done in the OWASP space for XSS
  • See what other work has been done for XSS (both .NET and other technology stacks)
  • Illustrate vulnerabilities and how to mitigate them (e.g. WebGoat)

Future

  • Dream big here!