<div>
<div class="content wysiwyg-content">
How good is the Anti-XSS library from Microsoft?<br />
<br />
In the debates between a Content Security Policy vs. the Anti-XSS library from Microsoft, is there a need for both?<br />
<br />
It seem the Anti-XSS library from Microsoft will mitigate a variety of potential XSS attacks. But, where is it lacking?<br />
<br />
What aspects of CSP are needed when trying to close all the exposures, that the Anti-XSS library from Microsoft does not close?<br />
<br />
Thanks
</div>
</div>


How good is the Anti-XSS library from Microsoft?

In the debates between a Content Security Policy vs. the Anti-XSS library from Microsoft, is there a need for both?

It seem the Anti-XSS library from Microsoft will mitigate a variety of potential XSS attacks. But, where is it lacking?

What aspects of CSP are needed when trying to close all the exposures, that the Anti-XSS library from Microsoft does not close?

Thanks

Anti-XSS library from Microsoft VERSUS a Content Security Policy (CSP)

The successor to Active Server Pages, ASP.NET websites utilize the .NET framework to produce dynamic, data and content-driven web applications and services. ASP.NET code can be written using any .NET supported language. As of 2009, ASP.NET can also apply the Model-View-Controller (MVC) pattern to web applications

ASP.NET

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.

Vulnerabilities

The .NET Framework is not specific to any one programming language; rather, it includes a library of functions that allows developers to rapidly build applications. Several supported languages include C#, VB.NET, C++ or ASP.NET.

.NET Programming

Most development for the Microsoft platform is done utilizing the technologies supported by the.NET framework. Other development is done using Visual Basic for Applications (VBA) for programs like Access, Excel, Word and Outlook, with PowerShell for scripting, or with SQL for large databases.

Microsoft Development

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.