Anil John on ASP.NET and XSS

Anil John posted some observations about cross-site scripting attacks and the mitigations offered by ASP.NET 1.1.

Matt Lyons did an XSS demo explaining some of this at the 2003 PDC Security Symposium. His demo is in the middle session: SECSYM2 - Security Symposium: Putting Security Theory Into Practice: Processes and Policies. Check it out here. You need to navigate through the Symposia heading.

Update: I really messed up the attribution on this. Anil was linking to an entry by Julie Lerman.

Comments

• Anonymous
  March 01, 2004
  Actually, Julie posted the above. I just expanded on it :-)
• Anonymous
  March 02, 2004
  Oh, sorry about that. I've updated the posting.
  
  Cheers,
  
  Brian