Sacha Faust Web Security Blog
FxCop ASP.NET Security Rules release
The FxCop ASP.NET security rules have finally been released after being used for quite some time...
Date: 12/13/2010
Strict Transport Security ASP.NET Module
I’ve been tackling the problem of users connecting to online services from untrusted networks. At...
Date: 05/11/2010
Using ValidateRequest to detect when XSS is occurring
To limit the risk of Cross-Site Scripting (XSS) attacks, ASP.NET 2.0 introduced a way to...
Date: 04/28/2010
Lessons Learned at Windows Live by Using ASP.NET MVC
We published a new security whitepaper based on our experience with ASP.NET MVC. The whitepaper is...
Date: 12/08/2009
FxCop rule to verify the use of ASP.NET MVC AntiforgeryTokenAttribute
I’ve been working on code auditing for a project that makes use of the latest ASP.NET MVC API....
Date: 01/07/2009
Checking for ViewStateUserKey using FxCop
ASP.NET has had a mitigation to protect against CSRF/One-Click attacks since 1.1 with the use of...
Date: 09/25/2008
FxCop HtmlSpotter - Spotting ASP.NET XSS using FxCop and HTML encoding document
In my previous post, I provided a list of which ASP.NET HTML control properties offer automatic...
Date: 09/18/2008
Which ASP.NET Controls Automatically Encode?
I've had a lot of people ask me which ASP.NET control offers automatic HTML encoding and the answer...
Date: 09/02/2008