[WEB SECURITY] ASP.NET 3.5 Request Validation

Mark Roxberry mroxberr at msn.com
Sat Jun 14 18:40:47 EDT 2008

As far as I know there is no update for System.Web.dll from v2.0, the assembly where the CrossSiteScriptingValidation class lives.  I looked at System.Web.Extensions v3.5, but didn't see anything related to validation.  If anyone does find anything, please post (we've added the request validation stuff to the OWASP site: http://www.owasp.org/index.php/ASP.NET_Request_Validation).

Date: Sat, 14 Jun 2008 10:29:14 -0400
From: mmenefee at securesolve.com
To: eric at rachner.us; websecurity at webappsec.org
Subject: RE: [WEB SECURITY] ASP.NET 3.5 Request Validation

That covers the differences between 1.0 and 2.0, but I haven't been able to find anything on the topic for v3.5. I assume they have made improvements, but that may be a stretch...

From: Eric Rachner [mailto:eric at rachner.us]
Sent: Saturday, June 14, 2008 1:11 AM
To: Michael S. Menefee; websecurity at webappsec.org
Subject: RE: [WEB SECURITY] ASP.NET 3.5 Request Validation

Check out Mike Eddington’s blog post on the subject @ http://phed.org/2008/04/23/aspnet-20-dumbs-down-request-validation/
You can also just decompile the binary yourself using a utility such as .NET Reflector.

From: Michael S. Menefee [mailto:mmenefee at securesolve.com]
Sent: Friday, June 13, 2008 12:45 PM
To: websecurity at webappsec.org
Subject: [WEB SECURITY] ASP.NET 3.5 Request Validation

Can anyone point me in the direction of any documentation on ASP.NET 3.5's request validation? I'm curious how it has changed since v2.


