Anti XSS Anti-cross-site Scripting attack Library

https://wpl.codeplex.com/

Before understanding Anti-Cross Site Scripting Library (AntiXSS), let us understand Cross-site-Scripting (XSS).

Cross-site Scripting (XSS)

Cross-site Scripting attacks is a type of injection problem, in which malicious scripts is injected into the otherwise B Enign and trusted Web sites. Cross-site scripting (XSS) attacks occur when an attacker uses a Web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed is quite widespread and occur anywhere a Web application uses input from a user In the output it generates without validating or encoding it.

An attacker can use XSS to send a malicious script to an unsuspecting user. The end user's browser has no-to-know that the script should isn't be trusted, and would execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or O Ther sensitive information retained by your browser and used with the that site. These scripts can even rewrite the content of the HTML page.

Cross-site Scripting (XSS) attacks occur when:

1. Data enters a Web application through a untrusted source, most frequently a Web request.
2. The data is included in dynamic content which is sent to a Web user without being validated for malicious code.

The malicious content sent to the Web browser often takes the form of a segment of JavaScript, and may also include HTML, Flash or any other type of code, the browser may execute. The variety of attacks based on XSS are almost limitless, but they commonly include transmitting private data like cookies or other session information to the attacker, redirecting the victim to Web content controlled by the attacker, or perform ing other malicious operations on the user's machine under the guise of the vulnerable site.

Anti-Cross Site Scripting Library

AntiXSS helps protect your current applications from Cross-site scripting attacks, at the same time helping Protect your legacy application with its Security Runtime Engine. AntiXSS incorporates radically and innovatively rethought features, offering you a newer, more powerful weapon against the Often employed Cross-site scripting (XSS) attack. AntiXSS gives you:

• Improved performance. AntiXSS have been completely rewritten with performance on mind, and yet retains the fundamental protection from XSS attack S. You has come to rely on for your applications.
• Secure globalization. The web is a global market place, and Cross-site scripting is a global issue. An attack can is coded anywhere, and ANTI-XSS now protects against XSS attacks coded in dozens of languages.
• Standards Compliance. AntiXSS is written to comply with modern web standards. You can protect your Web application without adversely affecting its UI.

How it works?

Proper output encoding and good input validation'll fix the XSS issue. For output encoding, use AntiXSS Library for its comprehensive encoding capabilities. AntiXSS works by looking at all the characters in the input and encoding characters not in the whitelist.

XSS VulnerabilityHide Copy Code

Response.Write(Request.Params["input"]);

To prevent XSS, we need to use the below code (AntiXSS):

Hide Copy Code

AntiXss.UrlEncode(TextBox1.Text)AntiXss.HtmlAttributeEncode(TextBox1.Text)AntiXss.XmlEncode(TextBox1.Text)AntiXss.JavaScriptEncode(item)

You can download AntiXSS the library from here.

Anti XSS Anti-cross-site Scripting attack Library