Entries by AppSec Labs

Anti CSRF Token – ASP.NET

Download AntiCSRF from the CSRF module for ASP.NET. In the project, place Idunno.AntiCsrf.dll in the Bin folder. Add a reference to the module in your web.config. For IIS6/IIS7 in Classic ASP.NET mode: For IIS7 in integrated pipeline mode: 4. Add the following settings to web.config. 5. Add the following code in the Page_Load event. 6. Add the following code […]

XSS – PHP Secure Coding

Case #1: HTML escape before inserting untrusted data into HTML element content. Case #2: JavaScript escape before inserting untrusted data into JavaScript data values. References: http://php.net/manual/en/function.htmlspecialchars.php, http://php.net/manual/en/function.htmlentities.php, http://in3.php.net/strip_tags

XSS – Java Secure Coding

Using Security Encoding Library: Download ESAPI.jar from the ESAPI Project page, and add it to the project's library. Import the package in the JSP page: <%@ page language="java" import="org.owasp.esapi.*" %> Add code according to the different cases: Case #1: HTML escape before inserting untrusted data into HTML element content. Case #2: Attribute escape before inserting untrusted data into […]

XSS – ASP.NET Secure Coding

Using Microsoft Anti XSS Library: Download the AntiXss Library (AntiXSSLibrary.dll) from the Microsoft Web Protection Library. Right-click the References node of the project to add a reference to the assembly. For particular cases: Case #1: HTML escape before inserting untrusted data into HTML element content. Case #2: Attribute escape before inserting untrusted data into HTML […]

Cross Site Scripting (XSS)

Description: Cross-Site Scripting attacks are a type of injection problem in which malicious scripts are injected into trusted web sites. Cross-site scripting (XSS) attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user. An attacker can use […]