Anti-XSS Library v3.1: Find, Fix, and Verify Errors (Channel 9)

Anti-XSS Library v3.1: Find, Fix, and Verify Errors

Posted: Sep 23, 2009 at 10:20 AM

By: Jossie

17,601 Views

9 Comments

21 minutes, 51 seconds

Download

Right click “Save as…”

High Quality WMV (PC, Xbox, MCE)
MP3 (Audio only)
MP4 (iPod, Zune HD)
WMV (WMV Video)

format
< > embed
+ queue

Sign In first to access your queue.
Close

Sorry, video was not added to the queue, an error occurred. Please Contact Us and let us know.
Close

Embed code for this video

Copy the code above to embed our video on your website/blog.

Video format

Auto
Use our suggested format for this video.
Smooth Streaming
Adaptive bitrate streaming - little buffering but lower video quality at times of low bandwidth.
Progressive
Traditional buffered video format.
HTML5
For browsers that support h264 MP4 or WebM video playback such as:
IE9+, Chrome 5+, or Safari 4+.

Note: These selections will fall back to the next best format depending upon browser capability.

Anil Revuru (RV) from Microsoft Information Security, gives a demonstration of the new features on the Anti-XSS Library v3.1 including HTML Sanitization which provides new methods to the Anti-XSS class to strip malicious characters or scripts off of HTML and returns safe HTML.

He talks about:

What is Cross-Site Scripting Attack (XSS)
How to detect Cross Site Scripting Vulnerabilities
Introduction of Anti-XSS Library
What’s new in Anti-XSS Library 3.1
Anti-XSS 3.1 demo
Security Runtime Engine (SRE)
SRE Demo

To learn more about this application and stay up to date on the latest news, read the following blogs from Information Security and previous posts from the Security Tools Team blog.

Overview of the Anti-XSS Library
Download: Microsoft Anti-Cross Site Scripting Library v3.1

Thanks for posting this presentation.

Bad news: Sound for this slideshow won't play in Silverlight 3.0.50106.0 (from silverlight.net) in IE 8.0.6001.1870 and FF 3.6, Win XP SP3 + all updates, AMD Sempron 1.8GHz. I don't think it's a CPU issue, because other videos do play with sound, such as this one uploaded by Jossie on the same day (Sept. 23, 2009): http://channel9.msdn.com/posts/Jossie/Connected-Information-Security-Framework-Core-Components/ and http://channel9.msdn.com/posts/Jossie/Technical-Preview-for-CATNET-20/

Good news, workaround: copying the URL from the embed HTML ( < /> icon) and pasting it into Windows Media Player 11 "Open URL", the video+audio streams perfectly:

http://ecn.channel9.msdn.com/o9/ch9/6/9/6/3/9/4/antiXSS31_ch9.wmv

The trouble?: WMP11 says the audio codec is: "Windows Media Audio 10 Professional, 128 kbps, 44 kHz, 2 channel 24 bit 2-pass VBR". 24 bits seems like overkill for a voiceover, and Silverlight 3.0 won't play it. (Or is it a container problem?)

Suggestion: In future, encode audio for WMA 9 and/or 16 bit for maximum backward compatibility.

Follow the Discussion

Subscribe to these comments

Tavis

Nov 10, 2009 at 6:32 AM quote reply

I get an error message when I tried to play the video:

Media Failure. Try reloading the page or visiting the main site for assistance.

I tried reloading the page without success.
Jossie

Nov 11, 2009 at 9:53 AM quote reply

Hi Tavis, try playing the video now. Usually it is not the video but the site. When you see that message come back to the video later and it tends to be fixed. It worked for me now. Let me know!
SrinivasG

Nov 12, 2009 at 4:01 AM quote reply

Thanks for the demo.. This is really very informative..
ramaraju.r

Nov 15, 2009 at 7:57 PM quote reply

Thanks a lot! Very informative.
Elroy Flynn

Nov 24, 2009 at 8:29 PM quote reply

It sure would be nice to have the usual controls for this presentation (stop/start/rewind)
Rasha

Dec 27, 2009 at 7:35 PM quote reply

Informative, as everyone said...but got no sound!! Can any one help me out? Sometimes media player is opened, after the completion of down load, i am asked to download some codec to run!!..
f.hausman

Jan 24, 2010 at 6:38 AM quote reply

Thanks for posting this presentation.

Bad news: Sound for this slideshow won't play in Silverlight 3.0.50106.0 (from silverlight.net) in IE 8.0.6001.1870 and FF 3.6, Win XP SP3 + all updates, AMD Sempron 1.8GHz. I don't think it's a CPU issue, because other videos do play with sound, such as this one uploaded by Jossie on the same day (Sept. 23, 2009): http://channel9.msdn.com/posts/Jossie/Connected-Information-Security-Framework-Core-Components/ and http://channel9.msdn.com/posts/Jossie/Technical-Preview-for-CATNET-20/

Good news, workaround: copying the URL from the embed HTML ( < /> icon) and pasting it into Windows Media Player 11 "Open URL", the video+audio streams perfectly:

http://ecn.channel9.msdn.com/o9/ch9/6/9/6/3/9/4/antiXSS31_ch9.wmv

The trouble?: WMP11 says the audio codec is: "Windows Media Audio 10 Professional, 128 kbps, 44 kHz, 2 channel 24 bit 2-pass VBR". 24 bits seems like overkill for a voiceover, and Silverlight 3.0 won't play it. (Or is it a container problem?)

Suggestion: In future, encode audio for WMA 9 and/or 16 bit for maximum backward compatibility.
kumaratwin

Jun 01, 2010 at 6:37 AM quote reply

Can I use this on classic ASP applications? Please point me to a right article or video if we can?

Thanks,

Kumar Pindiprolu.
anilkr

Aug 23, 2010 at 9:39 AM quote reply

Unfortunately both Anti-XSS library and CAT.NET work on mangaed code. It can't be used with classic ASP applications.

Remove this comment

Remove this thread

Comments Closed

Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums,
or Contact Us and let us know.