Anti-XSS Library v3.1: Find, Fix, and Verify Errors
- Posted: Sep 23, 2009 at 10:20 AM
- 22,910 Views
- 9 Comments
Anil Revuru (RV) from
Microsoft Information Security, gives a demonstration of the new features on the Anti-XSS Library v3.1 including HTML Sanitization which provides new methods to the Anti-XSS class to strip malicious characters or scripts off of HTML and returns safe HTML.
He talks about:
-
What is Cross-Site Scripting Attack (XSS)
-
How to detect Cross Site Scripting Vulnerabilities
-
Introduction of Anti-XSS Library
-
What’s new in Anti-XSS Library 3.1
-
Anti-XSS 3.1 demo
-
Security Runtime Engine (SRE)
-
SRE Demo
To learn more about this application and stay up to date on the latest news, read the following blogs from Information Security
and previous posts from the Security Tools Team blog.
Overview of the Anti-XSS Library
Download: Microsoft Anti-Cross Site Scripting Library v3.1
Comments Closed
Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation,
please create a new thread in our Forums,
or
Contact Us and let us know.
More entries in this blog
-
Connected Information Security Framework: Core…
-
Anti-XSS Library v3.1: Find, Fix, and Verify Errors
-
Assessment and Protection Suite
Follow the Discussion
Oops, something didn't work.
What does this mean?
Following an item on Channel 9 allows you to watch for new content and comments that you are interested in. You need to be signed in to Channel 9 to use this feature.What does this mean?
Following an item on Channel 9 allows you to watch for new content and comments that you are interested in and view them all on your notifications page.sign up for email notifications?
I get an error message when I tried to play the video:
I tried reloading the page without success.
Hi Tavis, try playing the video now. Usually it is not the video but the site. When you see that message come back to the video later and it tends to be fixed. It worked for me now. Let me know!
Thanks for the demo.. This is really very informative..
Thanks a lot! Very informative.
It sure would be nice to have the usual controls for this presentation (stop/start/rewind)
Informative, as everyone said...but got no sound!! Can any one help me out? Sometimes media player is opened, after the completion of down load, i am asked to download some codec to run!!..
Thanks for posting this presentation.
Bad news: Sound for this slideshow won't play in Silverlight 3.0.50106.0 (from silverlight.net) in IE 8.0.6001.1870 and FF 3.6, Win XP SP3 + all updates, AMD Sempron 1.8GHz. I don't think it's a CPU issue, because other videos do play with sound, such as this one uploaded by Jossie on the same day (Sept. 23, 2009): http://channel9.msdn.com/posts/Jossie/Connected-Information-Security-Framework-Core-Components/ and http://channel9.msdn.com/posts/Jossie/Technical-Preview-for-CATNET-20/
Good news, workaround: copying the URL from the embed HTML ( < /> icon) and pasting it into Windows Media Player 11 "Open URL", the video+audio streams perfectly:
http://ecn.channel9.msdn.com/o9/ch9/6/9/6/3/9/4/antiXSS31_ch9.wmv
The trouble?: WMP11 says the audio codec is: "Windows Media Audio 10 Professional, 128 kbps, 44 kHz, 2 channel 24 bit 2-pass VBR". 24 bits seems like overkill for a voiceover, and Silverlight 3.0 won't play it. (Or is it a container problem?)
Suggestion: In future, encode audio for WMA 9 and/or 16 bit for maximum backward compatibility.
Can I use this on classic ASP applications? Please point me to a right article or video if we can?
Thanks,
Kumar Pindiprolu.
Unfortunately both Anti-XSS library and CAT.NET work on mangaed code. It can't be used with classic ASP applications.
Remove this comment
Remove this thread
close