[WEB SECURITY] ASP.NET 3.5 Request Validation
mroxberr at msn.com
Sat Jun 14 18:40:47 EDT 2008
As far as I know there is no update for System.Web.dll from v2.0, the assembly where the CrossSiteScriptingValidation class lives. I looked at System.Web.Extensions v3.5, but didn't see anything related to validation. If anyone does find anything, please post (we've added the request validation stuff to the OWASP site: http://www.owasp.org/index.php/ASP.NET_Request_Validation)
Date: Sat, 14 Jun 2008 10:29:14 -0400From: mmenefee at securesolve.comTo: eric at rachner.us; websecurity at webappsec.orgSubject: RE: [WEB SECURITY] ASP.NET 3.5 Request Validation
That covers the differences between 1.0 and 2.0, but I havent been able to find anything on the topic for v3.5. I assume they have made improvements, but that may be a stretch...
From: Eric Rachner [mailto:eric at rachner.us] Sent: Saturday, June 14, 2008 1:11 AMTo: Michael S. Menefee; websecurity at webappsec.orgSubject: RE: [WEB SECURITY] ASP.NET 3.5 Request Validation
Check out Mike Eddington’s blog post on the subject @ http://phed.org/2008/04/23/aspnet-20-dumbs-down-request-validation/
You can also just decompile the binary yourself using a utility such as .NET Reflector.
From: Michael S. Menefee [mailto:mmenefee at securesolve.com] Sent: Friday, June 13, 2008 12:45 PMTo: websecurity at webappsec.orgSubject: [WEB SECURITY] ASP.NET 3.5 Request Validation
Can anyone point me in the direction of any documentation on ASP.NET 3.5's request validation? I'm curious how it has changed since v2
Enjoy 5 GB of free, password-protected online storage.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the websecurity