Microsoft continues to release free hands-on labs. This time it is all about validating inputs to stop common security risks. They can be downloaded here. Or for those that are lazy:

File Name: Content

  • Use Access Control Lists (ACLs) and impersonation to control access to resources, instead of kludgey pathname comparisons
  • Use HttpRequest.MapPath to restrict physical file paths to the current virtual directory
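The two points above amount to one rule: map the user-supplied name onto a canonical physical path first, then check that the result is still inside the directory you intend to serve. The lab does this with ASP.NET's HttpRequest.MapPath; the block below is an added Python example (not lab code) of the same check, with a constructed web root. It uses os.path.abspath so that "..", "." and duplicate separators collapse before the containment test, and it compares against the root with a trailing separator so that a sibling directory with the same prefix (app2 next to app) is not accepted.

```python
import os
from typing import Optional

# Constructed example: the physical tree the application is allowed to serve from.
WEB_ROOT = os.path.abspath("/var/www/app")


def safe_physical_path(root: str, user_path: str) -> Optional[str]:
    """Map a user-supplied relative path onto the physical tree under `root`.

    Returns the canonical absolute path if it stays inside `root`, otherwise None.
    Canonicalisation happens before the comparison, so "images/../../etc/passwd"
    and "../etc/passwd" are judged on the single path they actually resolve to.
    """
    # The user may only name things relative to the root; absolute paths are refused.
    if os.path.isabs(user_path):
        return None

    candidate = os.path.abspath(os.path.join(root, user_path))

    # Compare against "root/" rather than "root" so that "/var/www/app2/x"
    # is not mistaken for a child of "/var/www/app".
    root_with_sep = os.path.join(root, "")
    if candidate == root or candidate.startswith(root_with_sep):
        return candidate
    return None


if __name__ == "__main__":
    for requested in ["images/logo.png", "../etc/passwd", "images/../../secret", "../app2/x", "/etc/passwd"]:
        print(f"{requested!r:28} -> {safe_physical_path(WEB_ROOT, requested)}")
```

On a live file system, resolve symbolic links as well (os.path.realpath) before the comparison, otherwise a link inside the root can still point outside it.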

  • View and edit cookies for your own web application to test for security flaws
  • Detect cookie tampering at runtime using a cryptographic keyed hash
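A keyed hash lets the server detect that a cookie it issued has been changed on the client, without having to keep server-side state. The lab covers this for ASP.NET; the block below is an added Python example, not lab code, using HMAC-SHA256 from the standard library. The secret key and the cookie value are constructed for the demonstration; verification uses a constant-time comparison so that the check itself does not leak timing information about the tag.

```python
import base64
import hashlib
import hmac
from typing import Optional

# Constructed server-side secret; a real deployment loads it from protected configuration.
SECRET_KEY = b"constructed-demo-key-do-not-reuse"


def _tag(value: str, key: bytes) -> str:
    """Keyed hash of the cookie value, URL-safe base64 without padding."""
    digest = hmac.new(key, value.encode("utf-8"), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).decode("ascii").rstrip("=")


def sign_cookie(value: str, key: bytes = SECRET_KEY) -> str:
    """Append the keyed hash so the client gets 'value.tag'."""
    return f"{value}.{_tag(value, key)}"


def verify_cookie(cookie: str, key: bytes = SECRET_KEY) -> Optional[str]:
    """Return the cookie value if its tag matches, or None if it was altered or never signed.

    The tag is everything after the last '.', so values may themselves contain dots.
    """
    value, sep, _ = cookie.rpartition(".")
    if not sep:
        return None  # no tag present at all
    expected = sign_cookie(value, key)
    # Constant-time comparison of the whole signed string.
    if hmac.compare_digest(expected.encode("utf-8"), cookie.encode("utf-8")):
        return value
    return None


if __name__ == "__main__":
    issued = sign_cookie("user=alice;role=user")
    print("issued   :", issued, "->", verify_cookie(issued))
    tampered = issued.replace("role=user", "role=admin")
    print("tampered :", tampered, "->", verify_cookie(tampered))
```

The hash only proves integrity: the value travels in the clear, so anything confidential still has to be encrypted, and a valid signed cookie can be replayed until it expires unless the value carries an expiry or nonce.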

  • Recognise XSS vulnerabilities
  • Encode untrusted output with HtmlEncode
  • Validate input with a regular expression
  • Use ASP.NET’s built-in XSS protection mechanism

Use regular expressions to validate input.
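The XSS items and the regular-expression item above are two halves of one defence: accept only what an allowlist pattern permits on the way in, and encode on the way out regardless. The lab uses HtmlEncode and ASP.NET validators; the block below is an added Python example (not lab code) of the same pair using html.escape and the re module. The username pattern is an assumption chosen for the demonstration; adjust it to what the field really needs.

```python
import html
import re

# Assumed allowlist for a username field: letters, digits, underscore, dot, hyphen, 1..32 chars.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def validate_username(value: str) -> bool:
    """Allowlist validation: the whole string must match, not just a prefix."""
    return USERNAME_RE.fullmatch(value) is not None


def render_greeting(display_name: str) -> str:
    """Encode at output time even if the value was validated earlier.

    quote=True also encodes ' and " so the value is safe inside quoted attributes,
    not only in element text.
    """
    return f"<p>Hello, {html.escape(display_name, quote=True)}!</p>"


def render_input(value: str) -> str:
    """Same rule for an attribute context: the encoded value cannot close the quote."""
    return f'<input type="text" name="user" value="{html.escape(value, quote=True)}">'


if __name__ == "__main__":
    # Constructed inputs: one ordinary, one carrying markup.
    for candidate in ["alice_01", "<script>alert(1)</script>", '" onmouseover="x']:
        print(f"{candidate!r:30} valid={validate_username(candidate)}")
        print("   ", render_greeting(candidate))
        print("   ", render_input(candidate))
```

Validation rejects the markup-bearing inputs before they reach storage; encoding means that even a value which bypassed validation (for example one written by another code path) is rendered as text rather than interpreted as HTML.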

How to defend against SQL Injection Attacks
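The defence the lab teaches is to keep data out of the SQL grammar by passing it as parameters rather than concatenating it into the statement. The block below is an added Python example, not lab code, using the standard-library sqlite3 module with a constructed in-memory table: the concatenating form is the "before", the parameterised form is the fix, and the same tautology input is run through both so the difference is visible as a return value.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed data for the demonstration (real systems store password hashes, not plaintext)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT NOT NULL, password TEXT NOT NULL)")
    conn.executemany(
        "INSERT INTO users (name, password) VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, password: str) -> bool:
    """'Before' form: user input is spliced into the statement and becomes SQL syntax."""
    sql = f"SELECT COUNT(*) FROM users WHERE name = '{name}' AND password = '{password}'"
    return conn.execute(sql).fetchone()[0] > 0


def login_parameterised(conn: sqlite3.Connection, name: str, password: str) -> bool:
    """Fixed form: the driver binds the values; they are compared as data, never parsed as SQL."""
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone()[0] > 0


if __name__ == "__main__":
    db = make_db()
    tautology = "' OR '1'='1"
    print("vulnerable, correct password  :", login_vulnerable(db, "alice", "s3cret"))
    print("vulnerable, tautology input   :", login_vulnerable(db, "alice", tautology))
    print("parameterised, correct        :", login_parameterised(db, "alice", "s3cret"))
    print("parameterised, tautology input:", login_parameterised(db, "alice", tautology))
```

Escaping quotes by hand is not an equivalent fix; the parameter API is the one path where the database never has to guess which characters are data.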

How to use validation controls


For those of you who, like me, don’t know what canonicalization is, here is the Wikipedia definition:

Canonicalization is the process of converting data that has more than one possible representation into a “standard” canonical representation.