Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

ASP.NET default input validation

from [Mark K. Murdock] Network Security [Permanent Link]
Subject: ASP.NET default input validation
Date: Wed, 21 Mar 2007 21:49:16 -0500 
Has anyone identified a way to pass a "<script" string through the
default form/cookie/query validation in ASP.NET 2.0?  I'm referring to
the validation performed on input unless ValidateRequest="false" is
defined in the page directive, web.config, or machine.config file.
We've tried a variety of encodings but haven't found one yet that
doesn't throw an HttpRequestValidationException.

Thanks,
Mark

-------------------------------------------------------------------------
Sponsored by: Watchfire

Watchfire was recently named the worldwide market leader in Web 
application security assessment tools by both Gartner and IDC. Download a 
free trial of AppScan today and see why more customers choose AppScan 
then any other solution.

https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008fHP
--------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Announcing: 6th OWASP AppSec Conference - May 15-17 2007 - Milan, Italy, Dave Wichers
Next by Date:  [Full-disclosure] Fuzzled - Perl fuzzing framework, Tim Brown
Previous by Thread:  Announcing: 6th OWASP AppSec Conference - May 15-17 2007 - Milan, Italy, Dave Wichers
Next by Thread:  Re: ASP.NET default input validation, pagvac
Indexes:  [Date] [Thread] [Top] [All Lists]