Anti-XSS Library v3.1: Find, Fix, and Verify Errors

Posted By: Jossie Tirado | Sep 23rd, 2009 @ 10:20 AM | 7,544 Views | 7 Comments

Anil Revuru (RV) from Microsoft Information Security, gives a demonstration of the new features on the Anti-XSS Library v3.1  including HTML Sanitization which provides new methods to the Anti-XSS class to strip malicious characters or scripts off of HTML and returns safe HTML.

He talks about:

  • What is Cross-Site Scripting Attack (XSS)
  • How to detect Cross Site Scripting Vulnerabilities
  • Introduction of Anti-XSS Library
  • What’s new in Anti-XSS Library 3.1
  • Anti-XSS 3.1 demo
  • Security Runtime Engine (SRE)
  • SRE Demo

To learn more about this application and stay up to date on the latest news, read the following blogs from Information Security and previous posts from the Security Tools Team blog.

Overview of the Anti-XSS Library
Download: Microsoft Anti-Cross Site Scripting Library v3.1
Rating:
0
0
#Nov 10th, 2009 @ 6:30 AM
Tavis
Tavis

I get an error message when I tried to play the video:

Media Failure. Try reloading the page or visiting the main site for assistance.

I tried reloading the page without success.

#Nov 11th, 2009 @ 9:53 AM
Jossie
Jossie

Hi Tavis, try playing the video now. Usually it is not the video but the site. When you see that message come back to the video later and it tends to be fixed. It worked for me now. Let me know!

#Nov 12th, 2009 @ 4:01 AM
SrinivasG
SrinivasG

Thanks for the demo.. This is really very informative..

#Nov 15th, 2009 @ 7:57 PM
ramaraju.r
ramaraju.r

Thanks a lot! Very informative.

#Nov 24th, 2009 @ 8:29 PM
Elroy Flynn
Elroy Flynn

It sure would be nice to have the usual controls for this presentation (stop/start/rewind)

#Dec 27th, 2009 @ 7:35 PM
Rasha
Rasha

Informative, as everyone said...but got no sound!! Can any one help me out? Sometimes media player is opened, after the completion of down load, i am asked to download some codec to run!!..

#Jan 24th @ 6:38 AM
f.hausman
f.hausman

Thanks for posting this presentation.

Bad news:  Sound for this slideshow won't play in Silverlight 3.0.50106.0 (from silverlight.net) in IE 8.0.6001.1870 and FF 3.6, Win XP SP3 + all updates, AMD Sempron 1.8GHz.  I don't think it's a CPU issue, because other videos do play with sound, such as this one uploaded by Jossie on the same day (Sept. 23, 2009):  http://channel9.msdn.com/posts/Jossie/Connected-Information-Security-Framework-Core-Components/ and  http://channel9.msdn.com/posts/Jossie/Technical-Preview-for-CATNET-20/

Good news, workaround: copying the URL from the embed HTML ( < /> icon) and pasting it into Windows Media Player 11 "Open URL",  the video+audio streams perfectly:

   http://ecn.channel9.msdn.com/o9/ch9/6/9/6/3/9/4/antiXSS31_ch9.wmv

The trouble?: WMP11 says the audio codec is: "Windows Media Audio 10 Professional, 128 kbps, 44 kHz, 2 channel 24 bit 2-pass VBR".  24 bits seems like overkill for a voiceover, and Silverlight 3.0 won't play it. (Or is it a container problem?) 

Suggestion:  In future, encode audio for WMA 9 and/or 16 bit for maximum backward compatibility.

 

 

Microsoft Communities