Does anybody has ever created any class consisting of functions to deal with web security vulnerabilities. I do know that we can do avoid by adding some config settings like validaterequest and enableheader.
+1
A:
Visit http://www.owasp.org and look at the AntiSamy library for validating all input. (http://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project)
While You're there, also check out ESAPI.NET (http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=.NET) which currently has a 0.1 release.
Joe Davis
2009-06-11 22:36:50
A:
You could use Microsoft's AntiXSS library to help. It works more on scrubbing output before rendering the page than on scrubbing input before you insert it into the DB.
Edit: here is the download link, the other link is to their documentation
AgileJon
2009-06-11 22:39:34