[WEB SECURITY] ASP.NET 3.5 Request Validation

Mark Roxberry mroxberr at msn.com
Sat Jun 14 18:40:47 EDT 2008


As far as I know there is no update for System.Web.dll from v2.0, the assembly where the CrossSiteScriptingValidation class lives.  I looked at System.Web.Extensions v3.5, but didn't see anything related to validation.  If anyone does find anything, please post (we've added the request validation stuff to the OWASP site: http://www.owasp.org/index.php/ASP.NET_Request_Validation)





Date: Sat, 14 Jun 2008 10:29:14 -0400From: mmenefee at securesolve.comTo: eric at rachner.us; websecurity at webappsec.orgSubject: RE: [WEB SECURITY] ASP.NET 3.5 Request Validation



That covers the differences between 1.0 and 2.0, but I havent been able to find anything on the topic for v3.5. I assume they have made improvements, but that may be a stretch...
 


From: Eric Rachner [mailto:eric at rachner.us] Sent: Saturday, June 14, 2008 1:11 AMTo: Michael S. Menefee; websecurity at webappsec.orgSubject: RE: [WEB SECURITY] ASP.NET 3.5 Request Validation


Check out Mike Eddington’s blog post on the subject @ http://phed.org/2008/04/23/aspnet-20-dumbs-down-request-validation/
 
You can also just decompile the binary yourself using a utility such as .NET Reflector.
 


From: Michael S. Menefee [mailto:mmenefee at securesolve.com] Sent: Friday, June 13, 2008 12:45 PMTo: websecurity at webappsec.orgSubject: [WEB SECURITY] ASP.NET 3.5 Request Validation
 

Can anyone point me in the direction of any documentation on ASP.NET 3.5's request validation? I'm curious how it has changed since v2

 

Thanks!

 
_________________________________________________________________
Enjoy 5 GB of free, password-protected online storage.
http://www.windowslive.com/skydrive/overview.html?ocid=TXT_TAGLM_WL_Refresh_skydrive_062008
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20080614/7c190da9/attachment.html>


More information about the websecurity mailing list