.Net Validators – Don’t Forget Page.IsValid
Filed under: Development, Security
ASP.net does a good job of providing a simple way to provide input validation. Just about any security presentation or class will put a lot of emphasis on the concept of input validation. One of the techniques that you can use with web forms is the built in validator controls. In general, these controls automatically ...
WCSA – Web.Config Security Analyzer
Filed under: Development
In an ASP.Net application, the web.config file contains a lot of security settings that shouldn’t be overlooked. There has been no real easy way to review the file without manually looking at each setting or running an expensive tool. To fill this gap, WCSA was born. This initial release is relatively simple and by no ...
Request Validation in ASP.Net 4.5 Beta
Filed under: Security
The next version of Microsoft’s ASP.Net framework is currently in Beta and there are some pretty cool changes to how Request Validation works in version 4.5. Up until now, there were two ways to enable or disable request validation: Globally – This controls request validation for the entire application. ...