How to control path composition to protect ASP.NET web application from directory traversal vulnerability in VB.NET

One threat to file access is known as path canonicalization. Canonicalization is the process of converting data into a standard (or canonical) form; here it refers to the action that builds a path in a safe form. The next picture shows this process:

Path canonicalization in action. If an attacker passes special characters, such as .. […]

How to control path composition to protect ASP.NET web application from directory traversal vulnerability in C#

One threat to file access is known as path canonicalization. Canonicalization is the process of converting data into a standard (or canonical) form; here it refers to the action that builds a path in a safe form. The next picture shows this process:

Path canonicalization in action. If an attacker passes special characters, such as .. […]

How to handle and display user input to protect ASP.NET web application from XSS in VB.NET

Cross-site scripting (or XSS) is the most insidious kind of attack because it’s quite often invisible at first glance. XSS is based on some code (markup or JavaScript) that is injected into your page. The most common form involves data that’s saved in a database after end-user input and then loaded in a page. […]

How to handle and display user input to protect ASP.NET web application from XSS in C#

Cross-site scripting (or XSS) is the most insidious kind of attack because it’s quite often invisible at first glance. XSS is based on some code (markup or JavaScript) that is injected into your page. The most common form involves data that’s saved in a database after end-user input and then loaded in a page. […]

How to monitor and block bad requests in ASP.NET in VB.NET

You can use the approach described in the article How to handle improper parameter values in ASP.NET in VB.NET to create a blocking engine to handle and improve parameter values. You should manage invalid requests and notify the client about any invalid parameters that were passed in. You should reply to the request using one of the […]

How to monitor and block bad requests in ASP.NET in C#

You can use the approach described in the article How to handle improper parameter values in ASP.NET in C# to create a blocking engine to handle and improve parameter values. You should manage invalid requests and notify the client about any invalid parameters that were passed in. You should reply to the request using one […]

How to handle improper parameter values in ASP.NET in VB.NET

You should be careful with the values that arrive in HTTP requests, because improper values are dangerous. These values can alter the behavior of your application, generate runtime exceptions, and expose error details to an attacker. You need to inspect these values and protect your application by using a unified approach to sanitize them.
You can improve […]

How to handle improper parameter values in ASP.NET in C#

You should be careful with the values that arrive in HTTP requests, because improper values are dangerous. These values can alter the behavior of your application, generate runtime exceptions, and expose error details to an attacker. You need to inspect these values and protect your application by using a unified approach to sanitize them.

How to use encrypted URL queries in ASP.NET in VB.NET

The article How to hide URL query information in ASP.NET in VB.NET describes a class named EncryptedQueryString; the next example shows how you can use it in your projects. You have to build two web pages:

– The first one (QueryStringSender) can contain a text box […]

How to use encrypted URL queries in ASP.NET in C#

The article How to hide URL query information in ASP.NET in C# describes a class named EncryptedQueryString; the next example shows how you can use it in your projects. You have to build two web pages:

– The first one (QueryStringSender) can contain a text […]
