Microsoft Anti-XSS library is a utility released by Microsoft for fighting against well known attacks XSS. It runs on a server based on ASP.Net server. It differs from most encoding libraries in that it uses the white-listing technique ,sometimes referred to as the principle of inclusions, to provide protection against XSS attacks.
This approach works by first defining a valid or allowable set of characters, and encodes anything outside this set invalid characters or potential attacks. The white-listing approach provides several advantages over other encoding schemes.
One of the common web application problem today is Cross Site Scripting , Microsoft Anti-Cross Site Scripting Library is a must have tool for security developer , security auditor. using this tool will immediately point you where actually you need to rectify.
BTW its requires .Net Framework for running and Asp.net web-based applications for working and is released for it only.
New features in version 3.1 of the Microsoft Anti-Cross Site Scripting Library include:
- An expanded white list that supports more languages
- Performance improvements
- Performance data sheets (in the online help)
- Support for Shift_JIS encoding for mobile browsers
- A sample application
- Security Runtime Engine (SRE) HTTP module
- HTML Sanitization methods to strip dangerous HTML scripts.
0 nhận xét:
Đăng nhận xét