Another Request Validation Bypass?

Posted by on August 29, 2012 · Comments Off on Another Request Validation Bypass?
Filed under: Development, Security 

I stumbled across this BugTraq(http://www.securityfocus.com/archive/1/524043) on Security Focus today that indicates another way to bypass ASP.Net’s built in Request Validation feature. It was reported by Zamir Paltiel from Seeker Research Center showing us how using a % symbol in the tag name (ex. <%tag>) makes it possible to bypass Request Validation and apparently ...

More

Tags: , , ,

Request Method Can Matter

Posted by on August 15, 2012 · Comments Off on Request Method Can Matter
Filed under: Development, Security 

One of the nice features of ASP.Net is that many of the server controls populate their values based upon the request method.  Lets look at a quick example.   If the developer has created a text box on the web form, called txtUserName, then on a post back the Text property will be populated from the ...

More

Tags: , ,

ModSecurity released for IIS

Posted by on August 2, 2012 · Comments Off on ModSecurity released for IIS
Filed under: Security 

It was just announced on Microsoft Technet that a ModSecurity extension is now available for IIS.  While this is still in Release Candidate status, a stable release is expected soon.  There are standard MSI installers for IIS 7 and later versions on Source Forge. For the full write-up please visit the Microsoft Research ...

More

Tags: