Connected Information Security Framework: Core Components
Play Anti-XSS Library v3.1: Find, Fix, and Verify Errors
Description
Anil Revuru (RV) from
Microsoft Information Security, gives a demonstration of the new features on the Anti-XSS Library v3.1 including HTML Sanitization which provides new methods to the Anti-XSS class to strip malicious characters or scripts off of HTML and returns safe HTML.
He talks about:
-
What is Cross-Site Scripting Attack (XSS)
-
How to detect Cross Site Scripting Vulnerabilities
-
Introduction of Anti-XSS Library
-
What’s new in Anti-XSS Library 3.1
-
Anti-XSS 3.1 demo
-
Security Runtime Engine (SRE)
-
SRE Demo
To learn more about this application and stay up to date on the latest news, read the following blogs from Information Security
and previous posts from the Security Tools Team blog.
Overview of the Anti-XSS Library
Download: Microsoft Anti-Cross Site Scripting Library v3.1
Download
Download this episode
- High Quality WMV (181.5 MB)
- MP3 (10.0 MB)
- Low Quality MP4 (29.0 MB)
- WMV (42.1 MB)
More episodes in this series
Assessment and Protection Suite
Related episodes
Anti-XSS 3.0 Released
Using the Web Protection Library (WPL) - CTP Version
Assessment and Protection Suite
Enhanced Web Protection Library
Threat Modeling LOB Applications with TAM 3.0
SQL Detect
Architecture Behind CAT.NET
Threat Analysis & Modeling Tool - TAM 3.0
Using Web Application Configuration Analyzer (WACA) - CTP Version
Web Application Configuration Analyzer (WACA)
The Discussion
-
Tavis I get an error message when I tried to play the video:
Media Failure. Try reloading the page or visiting the main site for assistance.
I tried reloading the page without success.
-
Jossie Hi Tavis, try playing the video now. Usually it is not the video but the site. When you see that message come back to the video later and it tends to be fixed. It worked for me now. Let me know!
-
SrinivasG Thanks for the demo.. This is really very informative..
-
ramaraju.r Thanks a lot! Very informative.
-
Elroy Flynn It sure would be nice to have the usual controls for this presentation (stop/start/rewind)
-
Rasha Informative, as everyone said...but got no sound!! Can any one help me out? Sometimes media player is opened, after the completion of down load, i am asked to download some codec to run!!..
-
f.hausman Thanks for posting this presentation.
Bad news: Sound for this slideshow won't play in Silverlight 3.0.50106.0 (from silverlight.net) in IE 8.0.6001.1870 and FF 3.6, Win XP SP3 + all updates, AMD Sempron 1.8GHz. I don't think it's a CPU issue, because other videos do play with sound, such as this one uploaded by Jossie on the same day (Sept. 23, 2009): https://channel9.msdn.com/posts/Jossie/Connected-Information-Security-Framework-Core-Components/ and https://channel9.msdn.com/posts/Jossie/Technical-Preview-for-CATNET-20/
Good news, workaround: copying the URL from the embed HTML ( < /> icon) and pasting it into Windows Media Player 11 "Open URL", the video+audio streams perfectly:
http://ecn.channel9.msdn.com/o9/ch9/6/9/6/3/9/4/antiXSS31_ch9.wmv
The trouble?: WMP11 says the audio codec is: "Windows Media Audio 10 Professional, 128 kbps, 44 kHz, 2 channel 24 bit 2-pass VBR". 24 bits seems like overkill for a voiceover, and Silverlight 3.0 won't play it. (Or is it a container problem?)
Suggestion: In future, encode audio for WMA 9 and/or 16 bit for maximum backward compatibility.
-
kumaratwin Can I use this on classic ASP applications? Please point me to a right article or video if we can?
Thanks,
Kumar Pindiprolu.
-
anilkr Unfortunately both Anti-XSS library and CAT.NET work on mangaed code. It can't be used with classic ASP applications.