ViewState XSS: What’s the Deal?
Posted by James Jardine on September 17, 2012 · Comments Off on ViewState XSS: What’s the Deal?
Filed under: Development, Security, Testing
Filed under: Development, Security, Testing
Many of my posts have discussed some of the protections that ASP.Net provides by default. For example, Event Validation, ViewStateMac, and ViewStateUserKey. So what happens when we are not using these protections? Each of these have a different effect on what is possible from an attacker’s stand point so it is important to understand what ...