Tecture Blog

09 January, 2009

Prevention of cross-site scripting (XSS) attacks in ASP.NET

Posted by Ben Rowland in Web technology

Rob Conery's blog post on The Perfect Storm Botnet has a lot of great information on the Storm botnet and on how web developers can inadvertently contribute to the spread of the malware. That malware turns millions of computers into zombie spambots, and it spreads via cross-site scripting (XSS) injection attacks through website form submissions. Fortunately, there is an easy way in ASP.NET to prevent this: use the Html.Encode() method on anything output to a webpage.
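
The difference encoding makes to a submitted form value, as an added example that is not code from the original post. It uses WebUtility.HtmlEncode as a stand-in for the Html.Encode() view helper so that it runs as a console program; the class name, method names and sample form values are constructed for illustration.

```csharp
using System;
using System.Net;

// Added example, not code from the original post. WebUtility.HtmlEncode stands in
// for the Html.Encode() view helper so this runs as a console program.
// All names and the sample form values are constructed for illustration.
public static class CommentRenderer
{
    // Before: form values are concatenated into markup as-is, so any markup
    // a visitor submits becomes part of the page.
    public static string RenderRaw(string name, string comment) =>
        "<p title=\"" + name + "\">" + comment + "</p>";

    // After: every form value is encoded at the point of output, in both the
    // attribute and the element body.
    public static string RenderEncoded(string name, string comment) =>
        "<p title=\"" + WebUtility.HtmlEncode(name) + "\">"
        + WebUtility.HtmlEncode(comment) + "</p>";

    public static void Main()
    {
        // Constructed form submission containing quote characters and markup.
        string name = "Ann \"the dev\" O'Neil";
        string comment = "Nice post! <script>alert(1)</script>";

        Console.WriteLine("raw:     " + RenderRaw(name, comment));

        string safe = RenderEncoded(name, comment);
        Console.WriteLine("encoded: " + safe);

        // Check: no submitted markup survives as a tag in the encoded output.
        Console.WriteLine("script tag present: " + safe.Contains("<script"));

        // Encode once, at output. Encoding on save and again on render
        // double-encodes, so the reader sees literal entities.
        string stored = WebUtility.HtmlEncode(comment);
        Console.WriteLine("double:  " + WebUtility.HtmlEncode(stored));
    }
}
```

In the raw output the quotes in the name end the title attribute early and the script element reaches the browser intact; in the encoded output both values arrive as inert text.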