.Net Validators – Don’t Forget Page.IsValid

Posted by on March 31, 2012 · Comments Off on .Net Validators – Don’t Forget Page.IsValid
Filed under: Development, Security 

ASP.net does a good job of providing a simple way to provide input validation.  Just about any security presentation or class will put a lot of emphasis on the concept of input validation.  One of the techniques that you can use with web forms is the built in validator controls.  In general, these controls automatically ...

WCSA – Web.Config Security Analyzer

Posted by on March 31, 2012 · Comments Off on WCSA – Web.Config Security Analyzer
Filed under: Development 

In an ASP.Net application, the web.config file contains a lot of security settings that shouldn’t be overlooked.  There has been no real easy way to review the file without manually looking at each setting or running an expensive tool.  To fill this gap, WCSA was born.  This initial release is relatively simple and by no ...

Request Validation in ASP.Net 4.5 Beta

Posted by on March 11, 2012 · Comments Off on Request Validation in ASP.Net 4.5 Beta
Filed under: Security 

The next version of Microsoft’s ASP.Net framework is currently in Beta and there are some pretty cool changes to how Request Validation works in version 4.5.   Up until now, there were two ways to enable or disable request validation: Globally – This controls request validation for the entire application. ...