Mike's Security Cabinet

A place to discuss application security and related topics.

Wednesday, May 19, 2010

Some links for XSS

Cross-Site Scripting (XSS) from OWASP

http://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29

XSS Prevention Cheat Sheet from OWASP

http://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet

Download link for Anti-XSS library V3.1

http://www.microsoft.com/downloads/details.aspx?FamilyId=051ee83c-5ccf-48ed-8463-02f56a6bfc09&displaylang=en

It comes with Sample code and Help file.

Additional resources about Anti-XSS library

Some FAQ questions about Anti-XSS library:

http://msdn.microsoft.com/en-us/security/aa973814.aspx

HTML Sanitization in Anti-XSS Library:

http://blogs.msdn.com/securitytools/archive/2009/09/01/html-sanitization-in-anti-xss-library.aspx

Difference between Anti-XSS library and HttpUtility.HtmlEncode

http://blogs.msdn.com/securitytools/archive/2009/07/09/differences-between-antixss-htmlencode-and-httputility-htmlencode-methods.aspx

The list of controls which automatically encode:
http://blogs.msdn.com/cisg/archive/2008/09/17/which-asp-net-controls-need-html-encoding.aspx.

http://blogs.msdn.com/sfaust/attachment/8918996.ashx

Posted by michael xin at 8:42 PM

No comments:

Post a Comment

Newer Post Older Post Home

Subscribe to: Post Comments (Atom)

About Me

michael xin: CISSP, Application security engineer with interest in penetration testing, security application development, mobile security.

View my complete profile

Blog Archive

► 2013 (9)
- ► March (3)
- ► February (6)

► 2012 (25)
- ► October (1)
- ► August (1)
- ► June (1)
- ► May (4)
- ► April (3)
- ► March (9)
- ► February (6)

► 2011 (4)
- ► November (2)
- ► April (2)

▼ 2010 (23)
- ► August (1)
- ► July (6)
- ▼ May (6)
- ► March (1)
- ► February (7)
- ► January (2)

Simple theme. Powered by Blogger.