
Prevent Cross-Site Scripting in ASP.NET Web Apps

Cross-site scripting threats can be greatly minimized by proper output encoding. In ASP.NET apps, the Microsoft AntiXSS Library is one of the easiest ways to do the encoding correctly.


Cross-Site Scripting (XSS) is the most pervasive vulnerability present in Web applications today. That being said, it is possible to build Web apps that are impervious to XSS by arming yourself with an understanding of the threat and a basic toolbox of encoding functions.

XSS Review
The attack occurs in a variety of scenarios where data is taken in by your website and then replayed to the user as an executable script. For example, imagine navigating to the following URL:

http://www.contoso.com/shopping?name=

If the website were to replay the query string parameter into its HTML markup verbatim, malicious script would execute on the page. Given the same-origin policy security model of the browser, this script could perform actions or access data on behalf of the user behind the keyboard.
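The reflected query string scenario above, as an added example that is not from the article: an ASP.NET handler that replays the `name` parameter into the page, with the AntiXSS Library's `Microsoft.Security.Application.Encoder` applied per output context. It goes beyond the text by covering four contexts (HTML body, attribute, URL, and script block) rather than only the body; the handler and method names (`ShoppingHandler`, `BuildMarkup`) are assumptions.

```csharp
using System.Web;
using Microsoft.Security.Application; // AntiXSS Library: Encoder class

// Added example (not the article's code). Replays the untrusted "name" query
// string parameter into several output contexts, encoding for each one.
public class ShoppingHandler : IHttpHandler
{
    public bool IsReusable { get { return true; } }

    // Kept separate from ProcessRequest so the markup can be unit tested.
    public static string BuildMarkup(string untrustedName)
    {
        // Each encoder targets one context; using HtmlEncode everywhere is not enough.
        string safeText = Encoder.HtmlEncode(untrustedName);          // HTML body text
        string safeAttr = Encoder.HtmlAttributeEncode(untrustedName); // inside a quoted attribute
        string safeUrl  = Encoder.UrlEncode(untrustedName);           // inside a query string
        string safeJs   = Encoder.JavaScriptEncode(untrustedName);    // inside <script>; emits the quotes

        // The vulnerable version the article describes would concatenate
        // untrustedName here verbatim instead of the encoded values.
        return "<h1>Results for " + safeText + "</h1>" +
               "<input type=\"text\" value=\"" + safeAttr + "\" />" +
               "<a href=\"/shopping?name=" + safeUrl + "\">Search again</a>" +
               "<script>var name = " + safeJs + ";</script>";
    }

    public void ProcessRequest(HttpContext context)
    {
        // Attacker-controlled input: never trust it, always encode on output.
        string name = context.Request.QueryString["name"] ?? string.Empty;
        context.Response.ContentType = "text/html";
        context.Response.Write(BuildMarkup(name));
    }
}
```

Register the handler in web.config (or as an .ashx) and request `/shopping?name=<b>test</b>` to confirm the tags render as literal text rather than markup.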

...
Read full story on Dr.Dobb's

