Another Request Validation Bypass?

Posted by on August 29, 2012 · Comments Off on Another Request Validation Bypass?
Filed under: Development, Security 

I stumbled across this BugTraq( on Security Focus today that indicates another way to bypass ASP.Net’s built in Request Validation feature. It was reported by Zamir Paltiel from Seeker Research Center showing us how using a % symbol in the tag name (ex. <%tag>) makes it possible to bypass Request Validation and apparently ...

Request Method Can Matter

Posted by on August 15, 2012 · Comments Off on Request Method Can Matter
Filed under: Development, Security 

One of the nice features of ASP.Net is that many of the server controls populate their values based upon the request method.  Lets look at a quick example.   If the developer has created a text box on the web form, called txtUserName, then on a post back the Text property will be populated from the ...

ModSecurity released for IIS

Posted by on August 2, 2012 · Comments Off on ModSecurity released for IIS
Filed under: Security 

It was just announced on Microsoft Technet that a ModSecurity extension is now available for IIS.  While this is still in Release Candidate status, a stable release is expected soon.  There are standard MSI installers for IIS 7 and later versions on Source Forge. For the full write-up please visit the Microsoft Research ...