HTTP:: Web Protection Library 1 0 CTP the Evolution of the Anti XSS Library
--------
Microsoft is cooking the next iteration of the Anti-Cross Site Scripting Library, promising that the first Community Technology Preview will be made available soon. No definitive availability date was made public at the time of this article, but Anil Revuru, Senior SDE, Information Security Tools team, did share some details about the evolution of the Anti-XSS Library. A key aspect of this evolution is the fact that the security resource is no longer focused exclusively on anti-cross site scripting. In this regard, Microsoft has rebranded the old Anti-XSS Library as the Web Protection Library or WPL. Revuru explained that the Web Protection Library label was designed to illustrate the new mitigations added to the Anti-XSS Library and Security Runtime Engine (SRE). “WPL now includes encoding methods to provide mitigations around LDAP Injection and CSS Injections (Cascading Style Sheets) with several others planned for the future. The runtime protection module includes a !
new HTTP Module that detects and protects from SQL Injection attempts using a specialized SQL Parser to detect any valid SQL queries in the input,†Revuru stated. Moving forward, Microsoft is advising developers that are leveraging ASP.NET in order to build websites to turn to Web Protection Library 1.0...
--------
http://news.softpedia.com/news/Web-Protection-Library-1-0-CTP-the-Evolution-of-the-Anti-XSS-Library-124629.shtml
--------
This e-mail was sent by Experiment23 Inc., located in New York, NY
10163. To not receive further e-mails, please visit
http://help.pingie.com
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment