Microsoft Anti-Cross Site Scripting Library V3.1

by Neon Quach 20. September 2009 02:50
Brief Description
AntiXSS 3.1 helps you to protect your current applications from cross-site scripting attacks, at the same time helping you to protect your legacy application with its Security Runtime Engine

Overview

The Microsoft Anti-Cross Site Scripting Library V3.1 (Anti-XSS V3.1) is an encoding library designed to help developers protect their ASP.NET web-based applications from XSS attacks. It differs from most encoding libraries in that it uses the white-listing technique -- sometimes referred to as the principle of inclusions -- to provide protection against XSS attacks. This approach works by first defining a valid or allowable set of characters, and encodes anything outside this set (invalid characters or potential attacks). The white-listing approach provides several advantages over other encoding schemes. New features in this version of the Microsoft Anti-Cross Site Scripting Library include: - An expanded white list that supports more languages - Performance improvements - Performance data sheets (in the online help) - Support for Shift_JIS encoding for mobile browsers - A sample application - Security Runtime Engine (SRE) HTTP module - HTML Sanitization methods to strip dangerous HTML scripts

Download from Microsoft

Tags:


Categories: xss

dotnetkicks dotnetshoutout dotnetburner servefault fairfeeds pimpthisblog yahoo buzz google buzz
Permalink | Comments (4)

Anti-XSS Library 3.0 RTM

by Neon Quach 14. July 2009 19:58

RV here…

Anti-XSS library 3.0 is now RTM!!! MSDN download center is updated with the new binaries. Here is a overview of the changes in 3.0 release.

New features in this version of the Microsoft Anti-Cross Site Scripting Library include:

  • An expanded white list that supports more languages
  • Performance improvements
  • Performance data sheets (in the online help)
  • Support for Shift_JIS encoding for mobile browsers
  • Security Runtime Engine (SRE) HTTP module
  • MSDN style help
  • A sample application

There are no changes to the library, so it maintains binary compatibility with the beta version. You can simply replace the previous binary with the new RTM binaries. The new installer can be downloaded from Microsoft.com download center.

Anti-XSS will be becoming the Web protection Library (WPL). Stay tuned!

Reference

Tags: , ,


Categories: asp.net | xss | download

dotnetkicks dotnetshoutout dotnetburner servefault fairfeeds pimpthisblog yahoo buzz google buzz
Permalink | Comments (3)

Powered by BlogEngine.NET 1.6.0.0 - Eco Theme by n3o Web Designers