« Dealing with UI redress vulnerabilities inherent to the current web | Main | Insecure Mag #18 published »

Checking for ViewStateUserKey using FxCop

An anonymous user writes

"ASP.NET has had a mitigation to prevent against CSRF/One-Click attacks since 1.1 with the use of Page.ViewStateUserKey property. You can now make sure that the property is being used using FxCop."

Link: https://blogs.msdn.com/sfaust/archive/2008/09/25/checking-for-viewstateuserkey-using-fxcop.aspx


Feed You can follow this conversation by subscribing to the comment feed for this post.

All Comments are Moderated and will be delayed!