crosssitescriptinglab | Channel 9

Sign In

Subscribe

Return to HomePage

Cross-Site Scripting Lab Modules

The cross-site scripting lab modules show you how to protect from cross-site scripting issues.

Contents

* Objectives
* Video
* Lab
* Recommended Guidance
* Feedback

Objectives

* Recognize cross-site scripting vulnerabilities.
* Encode untrusted output with HtmlEncode.
* Validate input with a regular expression.
* Use ASP.NET’s built-in cross-site scripting protection mechanism.

Video

The video is a small wmv file download:
* Video Demonstration Cross Site Scripting

Lab

The lab is small zip that you need to extract to see the example code:
* Lab Project Files CrossSiteScriptingLab.zip

Recommended Guidance

* How To: Prevent Cross-Site Scripting in ASP.NET
* How To: Protect From Injection Attacks in ASP.NET
* How To: Use Regular Expressions to Constrain Input in ASP.NET
* Design Guidelines for Secure Web Applications (See "Input Validation" section)
* Architecture and Design Review for Security (See "Input Validation" section)
* Security Guidelines: ASP.NET 2.0 (See "Input and Data Validation" section)

Feedback

* Send mail to labmods at microsoft.com

Return to HomePage

- History
  
  Modified By: System
  
  Apr 30th, 2008 @ 11:12 AM
  
  Views (244)
- Share
  - Del.icio.us
  - Digg
  - FriendFeed
  - Facebook
Markup Quick Guide

*bold*

_italics_

+underline+

! Heading 1

!! Heading 2

* Bullet List

** Bullet List 2

# Number List

## Number List 2

[another wiki page]

[url:http://www.example.com]

[image:example.gif]

{"Do not apply formatting"}

ASP.NET: T4MVC now has a real home and a dedicated forum!
TechNet Edge: Windows Server 2008 R2 : New Power Management Features
ASP.NET: Web Deployment Painkillers: VS 2010 & MS Deploy
WindowsClient: Application Accessibility Testing
WindowsClient: Prism & WCF RIA Services
Channel 9: Sharepoint 2010 and Claims-Based Identity
WindowsClient: IRhetoric Ported To BlogEngine.NET
WindowsClient: PDC Recap and More
Channel 9: Reactive Extensions API in depth: Primitives
WindowsClient: New WPF Features: MultiTouch
WindowsClient: codeplex.com/testapi v 0.4 available
Channel 9: The Visual Studio Documentary - Alan Cooper, the Father of Visual Basic
Channel 9: Hanselminutes on 9 - Guided Tour inside the Windows Azure Cloud with Patrick Yantz
ASP.NET: ASP.NET 4.0 ScriptManager Improvements
WindowsClient: XAML Toolkit CTP = FxCopXaml + XamlDom + System.Xaml.dll support for Silverlight XAML
Channel 9: Fishbowl for Facebook
WindowsClient: Free Embeddable Fonts for your WPF Applications
ASP.NET: Program Manager Position on the ASP.NET PM team
Channel 10: Microsoft Teams Up with Nielsen
Channel 10: What Azure Looks Like
close

Microsoft Communities