Microsoft releases new tool to counteract cross site scripting attacks


Microsoft just released a new Anti-XSS tool that works with .NET Framework 1.0, 1.1 and 2.0. Anytime you echo user input back to the Web Page you are susceptible either persistent or non-persistent cross site scripting attacks.

...The Microsoft Anti-XSS tool follows an Accept-only approach in which this tool looks for a finite set of valid input and everything else is considered invalid. This approach will provide a more comprehensive protection to XSS and reduce the ability to trick HttpUtility.HtmlEncode with canonical representations attacks. Microsoft Release new Anti-XSS tool Via Dana Epp's ramblings at the Sanctuary

Linked by shanmuga Friday, 24th February 2006 7:15AM