Runtime VS AntiXSS Library Security Engine

I see that the web security library (WPL) comes with two different options:

  • Security Execution Mechanism (SRE)
  • AntiXSS Library

The first seems great, since no code is needed: it is an HTTPModule. The second requires that you manually add the escape logic to the code.

Despite this advantage that I mentioned, SRE is not very popular, and I wonder why. Is there a known issue with this library, or any big benefit of using AntiXSS that I don't see?

Thanks!

+3
1 answer

, SRE, , " ". , SQL SQL Injection. , - , , 100% - .

http://www.owasp.org/index.php/Data_Validation#Data_Validation_Strategies

, SRE. , , -, .

, , , , . ( ), . , . , , , , , , .

, , . , , , , . , , , SQL Injection, , , . , .

, , , , - (WAF). . , WAF , , SRE , .

http://www.acunetix.com/blog/news/implementing-a-web-application-firewall-only-is-not-enough-to-secure-web-applications/

+6

Source: https://habr.com/ru/post/1792916/

