ASP.NET and input validation against XSS

Today’s topic is XSS under ASP.NET and how validation filters and request filters work and are applied under ASP.NET. The Microsoft .NET framework comes with a request validation feature, configurable by the ValidateRequest setting. ValidateRequest has been a feature of ASP.NET since version 1.1. This feature consists of a series of filters, designed to […]

XSS vulnerabilities are underestimated

Let me tell you a little story that happened about a couple of weeks ago. As often happens, someone pastes a link into one of the chats I frequent, I click on it and find myself on the site of one of the major Italian political parties, with a form asking for personal data to sign up for a subscription. Not […]

Rails Security: Secure your Ruby on Rails web application

Ruby on Rails is a great Ruby framework for rapid development of web applications. But default Rails comes with some (in)security features that must be hardened and fixed. And a lot of the how-tos and tutorials on the internet that promote “websites in 5 minutes” help people write insecure code. Some examples: […]