Browse by Tags - HP Application Security Center Community

Browse by Tags


» Digging into ASP.NET RegEx Validators

RegEx Validators are handy for implementing Whitelist input validation (our DevInspect product has a library of a hundred or so) so it pays to see what they actually do under the covers. The following code is from the class System.Web.UI.WebControls.RegularExpressionValidator which implements the RegEx...
Posted to The HP Security Laboratory (Weblog) by Billy on 11-20-2007

» ASP.NET encoding shortcomings (review of MetaEye analysis)

Yesterday Zeroknock at MetaEye.org released a post to the WASC mailing list entitled "URL Encoding/Decoding Flaw Mechanism In ASP.NET[1.0-2.0] Based Web Applications". I read the analysis, and thought I would give some commentary on what the analysis is saying, as well as offer some additional information...

» ASP.NET RPC/Encoded Web service DOS

Severity: High
System Affected:
  IIS Servers exposing ASP.NET Web services that consume arrays in RPC/Encoded mode
  Applications using System.Xml.Serialization to consume untrusted data in RPC/Encoded mode
Description: We have found that by sending a custom SOAP message to an RPC/Encoded web method which...