How Do I Understand and Defend Against Script Injection Attacks in ASP.NET

Comment Posted by dil4u

Wed, 14 Oct 2009 09:04:54 GMT

brilliant video....

Comment Posted by invervegas

Wed, 14 Oct 2009 09:07:36 GMT

Awesome video, I hope we see more on this topic.

Comment Posted by charles.f.phillips

Wed, 14 Oct 2009 19:55:21 GMT

Excellent! I've been "JavaScripting" for over a decade, but I had no idea you could be so malicious - I just learned how innocent and ignorant I really am...

Comment Posted by haithemara

Thu, 15 Oct 2009 00:42:08 GMT

Nice Video.

Comment Posted by novakg

Tue, 20 Oct 2009 20:56:06 GMT

Thanks, Joe. Now I have a *bunch* more work to do. {sigh}

Comment Posted by neo302

Mon, 02 Nov 2009 20:32:54 GMT

Excellent job on the video.

Comment Posted by Vishal

Fri, 13 Nov 2009 09:01:50 GMT

Brilliant video Joe, thanks a lot!

Comment Posted by akatyal

Fri, 12 Feb 2010 07:17:15 GMT

Good job man. Thank you for enlightening simpletons like me. Makes me wonder how many innocent people out there fall prey to such attacks. But thanks to you and people like you that use the knowledge they have for the good of others. This is a great form of charity. My hat's off to you!

P.S. People that saw this video - just like Joe mentioned, in conjunction with this implement other safeguards as well available in asp.net + AJAX to control and validate the user input througout your site.

Comment Posted by mojara2009

Thu, 01 Jul 2010 20:26:53 GMT

Wow this is really informative so far.

Comment Posted by chullos

Sat, 31 Jul 2010 19:21:17 GMT

Dear Joe!

Hi, thank you for this great video, will be great you can add another videos giving us more real techniques to apply and tell us how to create the customized paged for the unhundled exception. Thank you.

Comment Posted by lilmammal

Wed, 15 Dec 2010 14:22:12 GMT

Great video. I do have a question though. In the XSS demo using the overlay - how is this a threat to other users? Wouldn't this malicious credit card phish control only display in the attacker's browser?

Comment Posted by scal

Thu, 07 Jul 2011 11:04:30 GMT

Great video and 'quick' (yes, there is much much more to teach/learn in the subject) presentation.

@lilmammal: the script that does the overlay + send ajax to store the CC info is stored into a DB and executed at rendering of the page, so it renders for all people visiting that page.

It would only stop executing if the shout-box was to display only the latest X shouts, and there were at least X new shouts after the malicious one.

Comment Posted by olo21

Sat, 29 Oct 2011 13:34:27 GMT

Great video