Anti-XSS Library v3.1 Released!
The Microsoft Information Security Tools (IST) team has released the latest Microsoft Anti-Cross Site Scripting (Anti-XSS) Library, version 3.1. How does a cross-site scripting (XSS) vulnerability occur? One example is when a web application does not encode the output that it sends to the browser, which can make the site susceptible to XSS attacks as well as other common attacks. Using XSS attacks, malicious users can cause damage to a site, including hijacking a client session, stealing web session information and cookies, and more.
The Anti-XSS Library v3.1 is an encoding library specifically designed to help developers protect their ASP.NET web-based applications from XSS attacks. Watch the video, “Anti-XSS 3.0 Released,” as Vineet Batta and Anil Revuru (RV), Senior Software Developers from the Microsoft Information Security Tools (IST) team, provide an overview of the Anti-XSS Library and how it can prevent XSS attacks in your application. The key new feature in Anti-XSS v3.1 is sanitization of HTML pages and fragments, ensuring all malicious scripts are removed so that the input is safe to display in the browser.
Download the latest Anti-XSS Library v3.1. Learn more about this library and other information security tools on the IST blog.
-Todd
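The following is an added example, not code from the original post or from the IST team. It shows output encoding per context plus the v3.1 sanitizer, assuming a console project that references AntiXssLibrary.dll from Anti-XSS v3.1; the `ProfileFragment` class, the `Render` method and all sample values are constructed for illustration.

```csharp
using System;
using System.Text;
using Microsoft.Security.Application; // AntiXssLibrary.dll (Anti-XSS v3.1), assumed to be referenced

static class ProfileFragment
{
    // Builds an HTML fragment from untrusted values, encoding each value
    // for the context in which the browser will parse it.
    static string Render(string name, string search, string bioHtml)
    {
        var sb = new StringBuilder();

        // Unencoded form, kept as a comment for contrast: any markup in
        // `name` would be sent to the browser as markup.
        // sb.AppendLine("<h1>" + name + "</h1>");

        // HTML element content.
        sb.AppendLine("<h1>" + AntiXss.HtmlEncode(name) + "</h1>");

        // Quoted HTML attribute value.
        sb.AppendLine("<input name=\"q\" value=\""
            + AntiXss.HtmlAttributeEncode(search) + "\" />");

        // URL query-string value.
        sb.AppendLine("<a href=\"/search?q="
            + AntiXss.UrlEncode(search) + "\">Search again</a>");

        // JavaScript string literal. JavaScriptEncode returns the value
        // already wrapped in quotes, so none are added here.
        sb.AppendLine("<script>var userName = "
            + AntiXss.JavaScriptEncode(name) + ";</script>");

        // Rich text that has to keep its formatting: sanitize the fragment
        // (new in v3.1) instead of encoding it.
        sb.AppendLine("<div class=\"bio\">"
            + AntiXss.GetSafeHtmlFragment(bioHtml) + "</div>");

        return sb.ToString();
    }

    static void Main()
    {
        // Constructed sample input standing in for request data.
        string name = "<script>alert(1)</script>";
        string search = "\" onmouseover=\"alert(1)";
        string bio = "<b>Hello</b><script>alert(1)</script>";

        Console.WriteLine(Render(name, search, bio));
    }
}
```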
Comments
Anonymous
December 07, 2009
Is it possible to secure ASP.NET Sessions/Cookies? I want to make Cookies always HTTPS instead of the default HTTP.
Anonymous
December 07, 2009
Yes, there are a couple of options. You can use the <httpCookies> element in web.config to make all cookies require SSL when they are being set on the user's computer. For more information on that, check http://msdn.microsoft.com/en-us/library/ms228262.aspx. You can also set the HttpCookie.Secure property to true to make a specific cookie require SSL. For more information on that, check http://msdn.microsoft.com/en-us/library/system.web.httpcookie.secure.aspx. Visit the Information Security Tools blog http://blogs.msdn.com/securitytools/ for more information.
-Todd