Microsoft continues to release free hands-on labs. This time it is all about validating input to stop common security risks. They can be downloaded here. Or, for those that are lazy:

File Name: Content

CanonicalizationLab.zip

  • Use Access Control Lists (ACLs) and impersonation to control access to resources, instead of kludgey pathname comparisons
  • Use HttpRequest.MapPath to restrict physical file paths to the current virtual directory

CookiesLab.zip

  • View and edit cookies for your own web application to test for security flaws
  • Detect cookie tampering at runtime using a cryptographic keyed hash

CrossSiteScriptingLab.zip

  • Recognise XSS vulnerabilities
  • Encode untrusted output with HtmlEncode
  • Validate input with a regular expression
  • Use ASP.NET’s built-in XSS protection mechanism

RegularExpressionsLab.zip

Use regular expressions to validate input.

SqlInjectionLab.zip

How to defend against SQL Injection Attacks

ValidationControlsLab.zip

How to use validation controls

 

For those of you who, like me, don’t know what canonicalization is, here is the Wikipedia definition:

Canonicalization is the process of converting data that has more than one possible representation into a “standard” canonical representation.

 
