Thursday, August 28, 2008

Enable XSS Detect in VS 2008


XSS Detect is a code-analysis tool that, as its name suggests, reveals XSS vulnerabilities in web applications.
It is developed by the MS ACE Team and can be downloaded here: XSS Detect

The problem is that out of the box it works in VS 2005 only. Here is how to enable it in Visual Studio 2008:
  1. Open %USERPROFILE%\Application Data\Microsoft\MSEnvShared\Addins

  2. Insert <Version>9.0</Version> in the HostApplication section


Preventing XSS in server code in .aspx files using AntiXss


Preventing XSS in server code in .aspx files using AntiXss:

_someID=
      <%=Microsoft.Security.Application.AntiXss.HtmlEncode(Request.Form["someID"])%>


Note that you need to specify the fully qualified name for AntiXss, as shown above.
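
The page below is an added example, not code from the original post. It puts the unencoded output next to the AntiXss call that matches each output context. It assumes the AntiXss library is referenced by the web project; "someID" is the form field used above, and details.aspx and the surrounding markup are hypothetical.

```aspx
<%@ Page Language="C#" %>
<%-- Added example. Assumes the AntiXss assembly is referenced by the web project.
     "someID" is the form field from the post; the rest of the markup is hypothetical. --%>
<html>
<body>
  <%-- Weak form: the raw form value is written into the page as-is, so any
       markup it contains is interpreted by the browser. --%>
  <p>Raw: <%= Request.Form["someID"] %></p>

  <%-- HTML element content: HtmlEncode, as in the post. --%>
  <p>Encoded:
    <%= Microsoft.Security.Application.AntiXss.HtmlEncode(Request.Form["someID"]) %></p>

  <%-- HTML attribute value: HtmlAttributeEncode, and keep the attribute quoted. --%>
  <input type="hidden" name="someID"
         value="<%= Microsoft.Security.Application.AntiXss.HtmlAttributeEncode(Request.Form["someID"]) %>" />

  <%-- URL query-string value: UrlEncode. --%>
  <a href="details.aspx?id=<%= Microsoft.Security.Application.AntiXss.UrlEncode(Request.Form["someID"]) %>">Details</a>

  <%-- JavaScript string literal: JavaScriptEncode returns the value already
       wrapped in quotes, so no quotes are added around the expression. --%>
  <script type="text/javascript">
    var _someID = <%= Microsoft.Security.Application.AntiXss.JavaScriptEncode(Request.Form["someID"]) %>;
  </script>
</body>
</html>
```

The encoder has to match the place where the value lands: HtmlEncode is the right call for element content, but not for a script block or a URL.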

Sunday, August 24, 2008

Monday, August 04, 2008

Viewing log4net files in notepad++


If you're a frequent user of notepad++ and log4net, here is a nice trick I've discovered that brings synergy between the two. As you know, notepad++ has an option to highlight syntax for a set of supported languages. It is either applied automatically, based on the file extension, or can be chosen manually from the Language menu.
And here is the trick: just select the VB language for the opened log4net file (<Alt>+L,V,Enter) and you get very readable syntax highlighting.