Need a C#.NET sample project that shows (and fixes) various URL related XSS exposures.

I will build one myself, if need be. But if one exists, all the better.

Can you suggest anything?

Thanks
newbieweb (Sr. Software Engineer) asked:

ste5an (Senior Developer) commented:
Fixing XSS is an architectural task. Simply don't trust user input. Validate and sanitize it. Where it is used to generate output you need to escape any kind of injection.

Use strict domain checks where you have user input. When you expect a number, test for numbers. When you expect text, then test for text. And refuse e.g. HTML or JavaScript. Just accept the smallest allowed domain. Which requires that you a) define the domain first and also implement constraints on all levels.
0
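An added example (not code from anyone in this thread) of the approach described in the comment above, applied to URL-related XSS in C#: the same query-string values rendered once by plain concatenation and once after domain checks and context-specific encoding. The class name, method names, parameter names and sample values are hypothetical.

```csharp
using System;
using System.Net;

// Added illustration; all names and sample values here are hypothetical.
static class UrlXssDemo
{
    // Domain check: a page number is an integer in a small range, nothing else.
    static int PageOrDefault(string raw) =>
        int.TryParse(raw, out int page) && page >= 1 && page <= 10000 ? page : 1;

    // Domain check: a link target must be an absolute http(s) URL.
    // Any other scheme (javascript:, data:, file:) falls back to "/".
    static string SafeHref(string raw) =>
        Uri.TryCreate(raw, UriKind.Absolute, out var u)
        && (u.Scheme == Uri.UriSchemeHttp || u.Scheme == Uri.UriSchemeHttps)
            ? u.AbsoluteUri : "/";

    // Vulnerable: query-string values are concatenated into markup as-is.
    static string RenderUnsafe(string q, string next) =>
        $"<p>Results for {q}</p><a href=\"{next}\">Continue</a>";

    // Fixed: validate against the expected domain first, then encode for the
    // context the value lands in (URL component, HTML text, HTML attribute).
    static string RenderSafe(string q, string pageRaw, string next)
    {
        int page = PageOrDefault(pageRaw);
        string more = $"/search?q={Uri.EscapeDataString(q)}&page={page + 1}";
        return $"<p>Results for {WebUtility.HtmlEncode(q)}</p>"
             + $"<a href=\"{WebUtility.HtmlEncode(SafeHref(next))}\">Continue</a>"
             + $"<a href=\"{WebUtility.HtmlEncode(more)}\">More</a>";
    }

    static void Main()
    {
        // Constructed sample query-string values: markup in a text field,
        // markup in a numeric field, and a non-http scheme in a link field.
        string q = "<script>alert(1)</script>";
        string page = "2\"><b>";
        string next = "javascript:alert(1)";

        Console.WriteLine(RenderUnsafe(q, next));      // markup and scheme pass through
        Console.WriteLine(RenderSafe(q, page, next));  // encoded text, page 1, href "/"
        Console.WriteLine(RenderSafe("c# & .net", "3", "https://example.com/a?b=1&c=2"));
    }
}
```

In Razor views, `@value` is HTML-encoded by default; the explicit `WebUtility.HtmlEncode` calls here make that step visible, and the scheme check on link targets is still needed because encoding alone does not stop a non-http URL in an `href`.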
newbieweb (Sr. Software Engineer, author) commented:
Thanks.

More specific to my post, I meant a sample project that demos how to fix common XSS attack attempts.

I just wondered if there was a sample project which listed a handful of common exposures, and shows the fix for each.
0
btan (Exec Consultant) commented:
Not specific to .NET, but it touches on three types of Cross Site Scripting: Stored, Reflected, and DOM-Based.
https://www.owasp.org/index.php/Testing_for_Cross_site_scripting#XSS_Filter_Evasion_Cheat_Sheet
There are actually vulnerable web app labs (not .NET) to help in the understanding - look for XSS
http://chousensha.github.io/blog/2014/08/15/pentest-lab-webgoat/
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
newbieweb (Sr. Software Engineer, author) commented:
thanks
0