White Papers
Bypassing ASP .NET "ValidateRequest" for Script Injection Attacks
Category: Software and Web Development
Tags: asp
Overview The Microsoft .NET framework comes with a request validation feature, configurable by the ValidateRequest setting. ValidateRequest has been a feature of ASP.NET since version 1.1. This feature consists of a series of filters, designed to prevent classic web input validation attacks such as HTML injection and XSS (Crosssite Scripting). This paper introduces script injection payloads that bypass ASP .NET web validation filters and also details the trial-and-error procedure that was followed to reverse-engineer such filters by analyzing .NET debug errors. It is worth noting that the techniques included in this paper are meant to be used when ValidateRequest is enabled, which is the default setting of ASP .NET. ValidateRequest can be enabled or disabled on a per-page basis or as an application-wide configuration.
- Publisher
- ProCheckUp
- File Format
- Date Published
- Jan 31, 2009
- Format
- White Papers
- Topics
- Application Development, ASPs
Similiar White Papers
MSDN Webcast: geekSpeak: Asynchronous Programming Demystified With Gerald Walsh (Level 200)
The presenter of this webcast, Microsoft MVP, provides insight into the patterns, models, objects, and practices of deve
Publisher: Microsoft Tips | Tags: applications, management
Developing ASP Components,: Server-Side XML Through VB ASP Components
ASP application developers are not immune to the lure of XML, yet there is confusion about how XML can be used with a se
Publisher: O'Reilly Media | Tags: asp, developers
MSDN Webcast: geekSpeak: ASP.NET Dynamic Data With Rachel Appel (Level 200)
The geekSpeak webcast series brings the industry experts in a "talk-radio" format hosted by developer evangelists from M
Publisher: Microsoft
Determining the ROI of Web Application Acceleration Managed Services
Web-based applications are virtually critical to business operations today. An understanding of the costs and benefits
Publisher: Akamai Technologies | Tags: applications, idc, managed services, tco
MSDN Webcast: ASP.NET Soup to Nuts: Web Application Design and Architecture (Level 200)
This webcast explores the design and architecture of a Web application built for scalability, reliability, and maintaina
Publisher: Microsoft
Featured white papers
-
The Value of Location Intelligence in the Communications Industry
Public Services are under pressure, the challenge is to do more with less. How do you improve citizen satisfaction, increase cost efficiencies and improve service delivery? The power of location intelligence is helping many local authorities...
-
Best Practices for Translating Customer Satisfaction into Revenue
Today's support organisations are focused on two top-level metrics: financial results and customer satisfaction. For most, it's easy to track financial performance, but customer satisfaction is akin to speaking a foreign language...
-
HP print solutions and 3M
The objective for 3M was to optimize office printing infrastructure at 3M locations worldwide, reduce total cost and environmental footprint. Some of the business benefits acheived by switching to HP print solutions...
-
Check out these top business apps for your iPhone
-
Inside a Microsoft datacentre
-
Green IT without losing your edge
-
Peter Cochrane's latest video blog
-
What you need to know about Windows 7