Channel 9 - Entries tagged with Antixss Microsoft http://mschnlnine.vo.llnwd.net/d1/Dev/App_Themes/C9/images/feedimage.png Channel 9 - Entries tagged with Antixss http://channel9.msdn.com/Tags/antixss Channel 9 keeps you up to date with the latest news and behind the scenes info from Microsoft that developers love to keep up with. From LINQ to SilverLight – Watch videos and hear about all the cool technologies coming and the people behind them. http://channel9.msdn.com/Tags/antixss en Sat, 18 May 2013 22:44:40 GMT Sat, 18 May 2013 22:44:40 GMT Rev9 6 1 25 TWC9: Sharing Code, Cheat Sheets, and Jump Starting! This week on Channel 9, Duncan and Rick discuss the week's top developer news, including;

Picks of the Week!

]]> http://channel9.msdn.com/Shows/This+Week+On+Channel+9/TWC9-December-07-2012 This week on Channel 9, Duncan and Rick discuss the week's top developer news, including; [0:49] Sharing Code: Windows 8 and Windows Phone (Matt Hidinger) [2:51] MVP Monday - Connected Apps Made Wicked Easy with Windows Azure Mobile Services (Scott Seely) [5:13] TouchDevelop: The Fast Path to Windows 8 and Phone Apps [Clint Edmonson] [8:44] Web Development CSRF and XSS Cheat Sheets (Christopher C. Kane), Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet , Cross-Site Scripting (XSS) Prevention Chat Sheet [10:22] Windows 8 Game Development using C#, XNA and MonoGame 3.0: Building a Shooter Game Walkthrough – Part 1: Overview, Installation, MonoGame 3.0 Project Creation (Tara E. Walker) [14:07] Channel 9 Highlight: Productivity Power Tools for Visual Studio 2012 (Robert Green, Krishna Hosabettu Kamalesha) [17:11] NETMF 4.3 Released (Colin Miller ) [20:25] Channel 9 Highlight: Building Apps for Windows Phone 8 Jump Start (Andy Wigley, Rob Tiffany) [22:04] Subscribe! (Clemens Vasters) Picks of the Week! Rick's Pick of the Week: Nokia Launches Magical Slideshow App PhotoBeamer for Windows 8 Lumia Phones Duncan's Pick of the Week: Channel 9 App (No link yet...) 1994 http://channel9.msdn.com/Shows/This+Week+On+Channel+9/TWC9-December-07-2012 Sun, 09 Dec 2012 03:06:25 GMT http://channel9.msdn.com/Shows/This+Week+On+Channel+9/TWC9-December-07-2012 Duncan Mackenzie, Greg Duncan, Rick Barraza Duncan Mackenzie, Greg Duncan, Rick Barraza 3 http://channel9.msdn.com/Shows/This+Week+On+Channel+9/TWC9-December-07-2012/RSS Antixss XNA Visual Studio 2012 Using the Web Protection Library (WPL) - CTP Version Anil Revuru (RV), from Microsoft Information Security, walks us through the expansion of what used to be the Anti-XSS Library. This enhanced version of the library will introduce mitigation to other attacks like:

  • SQL Injection
  • Cross-Site Request Forgery (CSRF)
  • Setting Enforcement like SSL & HTTP_ONLY cookies
  • Security Runtime Engine for SQL Injection & XSS
  • Among others

The CTP (Community Technology Preview) is available in Microsoft Connect – Information Security Tools.

Read CTP announcement and follow the Security Tools Team blog.

]]> http://channel9.msdn.com/Blogs/Jossie/Using-the-Web-Protection-Library-WPL-CTP-Version Anil Revuru (RV), from Microsoft Information Security, walks us through the expansion of what used to be the Anti-XSS Library. This enhanced version of the library will introduce mitigation to other attacks like: SQL Injection Cross-Site Request Forgery (CSRF) Setting Enforcement like SSL & HTTP_ONLY cookies Security Runtime Engine for SQL Injection & XSS Among others The CTP (Community Technology Preview) is available in Microsoft Connect – Information Security Tools. Read CTP announcement and follow the Security Tools Team blog. 656 http://channel9.msdn.com/Blogs/Jossie/Using-the-Web-Protection-Library-WPL-CTP-Version Wed, 25 Nov 2009 00:00:00 GMT http://channel9.msdn.com/Blogs/Jossie/Using-the-Web-Protection-Library-WPL-CTP-Version Jossie Jossie 0 http://channel9.msdn.com/Blogs/Jossie/Using-the-Web-Protection-Library-WPL-CTP-Version/RSS Antixss Information information security infosec ist Security Tools wpl Assessment and Protection Suite Anil Revuru (RV) and Mark Curphey, from Microsoft Information Security, introduce what would be in the future a suite of tools that will help you assess your code as well as protect it. This is called the Assessment & Protection (A&P) Suite and it includes the following tools:

  • Web Protection Library (WPL) – which includes Anti-XSS, SRE, mitigation of SQL Injection, CSRF among others
  • CAT.NET
  • Web Application Configuration Analyzer (WACA)
  • and room for more future add-ons

The CTP (Community Technology Preview) for these tools are available in Microsoft Connect – Information Security Tools. These are currently individual as they shift to one-install.

Read CTP announcement and follow the Security Tools Team blog.

]]> http://channel9.msdn.com/Blogs/Jossie/Assessment-and-Protection-Suite Anil Revuru (RV) and Mark Curphey, from Microsoft Information Security, introduce what would be in the future a suite of tools that will help you assess your code as well as protect it. This is called the Assessment & Protection (A&P) Suite and it includes the following tools: Web Protection Library (WPL) – which includes Anti-XSS, SRE, mitigation of SQL Injection, CSRF among others CAT.NET Web Application Configuration Analyzer (WACA) and room for more future add-ons The CTP (Community Technology Preview) for these tools are available in Microsoft Connect – Information Security Tools. These are currently individual as they shift to one-install.Read CTP announcement and follow the Security Tools Team blog. 1044 http://channel9.msdn.com/Blogs/Jossie/Assessment-and-Protection-Suite Thu, 12 Nov 2009 17:21:00 GMT http://channel9.msdn.com/Blogs/Jossie/Assessment-and-Protection-Suite Jossie Jossie 0 http://channel9.msdn.com/Blogs/Jossie/Assessment-and-Protection-Suite/RSS Antixss Information information security infosec ist Security Tools waca wpl Enhanced Web Protection Library Anil Revuru (RV), from Microsoft Information Security, introduces the expansion of what used to be the Anti-XSS Library. But web vulnerabilities are not only around Cross-Site Scripting (XSS) attacks. This enhanced version of the library will introduce mitigation to other attacks like:

  • SQL Injection
  • Cross-Site Request Forgery (CSRF)
  • Setting Enforcement like SSL & HTTP_ONLY cookies
  • Security Runtime Engine for SQL Injection & XSS
  • Among others

The CTP (Community Technology Preview) is available in Microsoft Connect – Information Security Tools.

Read CTP announcement and follow the Security Tools Team blog.

]]> http://channel9.msdn.com/Blogs/Jossie/Enhanced-Web-Protection-Library Anil Revuru (RV), from Microsoft Information Security, introduces the expansion of what used to be the Anti-XSS Library. But web vulnerabilities are not only around Cross-Site Scripting (XSS) attacks. This enhanced version of the library will introduce mitigation to other attacks like: SQL Injection Cross-Site Request Forgery (CSRF) Setting Enforcement like SSL & HTTP_ONLY cookies Security Runtime Engine for SQL Injection & XSS Among others The CTP (Community Technology Preview) is available in Microsoft Connect – Information Security Tools. Read CTP announcement and follow the Security Tools Team blog. 928 http://channel9.msdn.com/Blogs/Jossie/Enhanced-Web-Protection-Library Thu, 12 Nov 2009 17:21:00 GMT http://channel9.msdn.com/Blogs/Jossie/Enhanced-Web-Protection-Library Jossie Jossie 0 http://channel9.msdn.com/Blogs/Jossie/Enhanced-Web-Protection-Library/RSS Antixss Information information security infosec ist Security Tools wpl Anti-XSS Library v3.1: Find, Fix, and Verify Errors Anil Revuru (RV) from Microsoft Information Security, gives a demonstration of the new features on the Anti-XSS Library v3.1  including HTML Sanitization which provides new methods to the Anti-XSS class to strip malicious characters or scripts off of HTML and returns safe HTML.

He talks about:

  • What is Cross-Site Scripting Attack (XSS)
  • How to detect Cross Site Scripting Vulnerabilities
  • Introduction of Anti-XSS Library
  • What’s new in Anti-XSS Library 3.1
  • Anti-XSS 3.1 demo
  • Security Runtime Engine (SRE)
  • SRE Demo

To learn more about this application and stay up to date on the latest news, read the following blogs from Information Security and previous posts from the Security Tools Team blog.

Overview of the Anti-XSS Library
Download: Microsoft Anti-Cross Site Scripting Library v3.1

]]> http://channel9.msdn.com/Blogs/Jossie/Anti-XSS-Library-v31-Find-Fix-and-Verify-Errors Anil Revuru (RV) from Microsoft Information Security, gives a demonstration of the new features on the Anti-XSS Library v3.1  including HTML Sanitization which provides new methods to the Anti-XSS class to strip malicious characters or scripts off of HTML and returns safe HTML.He talks about: What is Cross-Site Scripting Attack (XSS) How to detect Cross Site Scripting Vulnerabilities Introduction of Anti-XSS Library What’s new in Anti-XSS Library 3.1 Anti-XSS 3.1 demo Security Runtime Engine (SRE) SRE Demo To learn more about this application and stay up to date on the latest news, read the following blogs from Information Security and previous posts from the Security Tools Team blog.Overview of the Anti-XSS LibraryDownload: Microsoft Anti-Cross Site Scripting Library v3.1 1311 http://channel9.msdn.com/Blogs/Jossie/Anti-XSS-Library-v31-Find-Fix-and-Verify-Errors Wed, 23 Sep 2009 17:20:00 GMT http://channel9.msdn.com/Blogs/Jossie/Anti-XSS-Library-v31-Find-Fix-and-Verify-Errors Jossie Jossie 9 http://channel9.msdn.com/Blogs/Jossie/Anti-XSS-Library-v31-Find-Fix-and-Verify-Errors/RSS ace ace team Antixss Information information security infosec ist Security Tools Anti-XSS 3.0 Released Vineet Batta and Anil Revuru (RV), from Microsoft Information Security, talk about the release of the new version of the Anti-XSS library, which is designed to encode output to help developers protect their ASP.NET web-based applications from cross-site scripting attacks.

They explain the new features and benefits found on version 3.0, including:

  • Extended white list
  • Better performance
  • MSDN Style Help documentation
  • Marked Anti-XSS Output
  • Security Runtime Engine (SRE)

To learn more about this library read the following blogs from the Security Tools Team blog and previous posts.

]]> http://channel9.msdn.com/Blogs/Jossie/Anti-XSS-30-Released Vineet Batta and Anil Revuru (RV), from Microsoft Information Security, talk about the release of the new version of the Anti-XSS library, which is designed to encode output to help developers protect their ASP.NET web-based applications from cross-site scripting attacks. They explain the new features and benefits found on version 3.0, including: Extended white list Better performance MSDN Style Help documentation Marked Anti-XSS Output Security Runtime Engine (SRE) To learn more about this library read the following blogs from the Security Tools Team blog and previous posts. 1055 http://channel9.msdn.com/Blogs/Jossie/Anti-XSS-30-Released Wed, 15 Jul 2009 16:12:00 GMT http://channel9.msdn.com/Blogs/Jossie/Anti-XSS-30-Released Jossie Jossie 0 http://channel9.msdn.com/Blogs/Jossie/Anti-XSS-30-Released/RSS ace ace team Antixss Information information security infosec ist LOB Simple DirectMedia Layer sdl-lob Security Tools