canonicalizationlab | Channel 9

Sign In | Sign In (No Live ID)

Subscribe

Return to HomePage

Canonicalization Lab Modules

The canonicalization lab modules show you how to avoid input and data validation security issues related to path validation.

Contents

* Objectives
* Video
* Lab
* Recommended Guidance
* Feedback

Objectives

* Use Access Control Lists (ACLs) and impersonation to control access to resources, instead of pathname comparisons
* Use HttpRequest.MapPath to restrict physical file paths to the current virtual directory.

Video

The video is a small wmv file download:
* Video Demonstration: Paths, URL s, and Canonicalization

Lab

The lab is small zip that you need to extract to see the example code:
* Lab Project Files: CanonicalizationLab.zip

Recommended Guidance

* Design Guidelines for Secure Web Applications (See "Input Validation" section)
* Architecture and Design Review for Security (See "Input Validation" section)

Feedback

* Send mail to labmods at microsoft.com

Return to HomePage

- History
  
  Modified By: System
  
  Apr 30th, 2008 @ 11:12 AM
  
  Views (171)
- Share
  - Del.icio.us
  - Digg
  - FriendFeed
  - Facebook
Markup Quick Guide

*bold*

_italics_

+underline+

! Heading 1

!! Heading 2

* Bullet List

** Bullet List 2

# Number List

## Number List 2

[another wiki page]

[url:http://www.example.com]

[image:example.gif]

{"Do not apply formatting"}

Channel 9

Channel 9: This Week C9: Speech Recognition, Army of 1, TweetCraft and more

WindowsClient

WindowsClient: Can anyone be a DJ?

WindowsClient

WindowsClient: RenderTargetBitmap tips

TechNet Edge

TechNet Edge: Tools to plan and deploy Windows 7 or Server 2008 R2

IIS.NET

IIS.NET: Getting both FastCGI module and AppPool CPULimit to work

WindowsClient

WindowsClient: Microsoft Worldwide Partner Conference

WindowsClient

WindowsClient: Lonely Planet POC on Microsoft Surface

Channel 10

Channel 10: Deep Zoom into MJ’s Life in Pictures

Channel 10

Channel 10: Bing Gets All Twittery

Channel 10

Channel 10: Follow @Microsoft on Twitter (...and All the Rest!)

Channel 9

Channel 9: TweetCraft - A World of Warcraft Twitter Client

Channel 10

Channel 10: TweetCraft: Tweet From World of Warcraft

Channel 9

Channel 9: Microsoft Security Development Lifecycle Templates

WindowsClient

WindowsClient: Hanselminutes Podcast 168 - Successful Cross Platform .NET Development - Mono and Banshee with Aaron Bockover

Channel 10

Channel 10: More Details on Gazelle, Microsoft Research's "Browser OS"

Channel 10

Channel 10: Now You Can Get All Your Mail in Hotmail

TechNet Edge

TechNet Edge: Screencast (Part 1 of 4): Master Your Environment with System Center Configuration Manager 2007

WindowsClient

WindowsClient: JUST RELEASED: p&p Acceptance Test Engineering Guide, Volume I - beta2

TechNet Edge

TechNet Edge: Exchange 2010 Rights Management and Transports

Channel 9

Channel 9: Expert to Expert: Harry Shum - General Purpose Search, Decision Engines and Bing

Microsoft Communities