Microsoft Web Protection Library

The Microsoft Web Protection Library offers AntiXSS, an encoding library, to protect your current applications from cross-site scripting attacks and the Security Runtime Engine to help protect your legacy applications.



Related Projects

IIS Secure Parameter Filter (SPF)

SPF is an application security module for Microsoft IIS web servers. SPF provides instant out-of-the-box protection against Parameter Tampering, Cross-Site Scripting (XSS), URL Manipulation, Cross-Site Request Forgery (CSRF), and Session Hijacking/Replay attacks.


Training and educating about the web security


NeatHtml™ is a highly-portable open source website component that displays untrusted content securely, efficiently, and accessibly. Untrusted content is any content that is not trusted by the website owner (e.g. blog comments, forum posts, or user pages on social networks).

IIS 6 Security Analyzer

IIS 6 Security Analyzer is an ASP.NET 2.0 web site that can be used to check the security of an IIS 6 server. This tool checks only the services related to IIS.

HTTP Strict Transport Security IIS Module

A module for IIS which enables HTTP Strict Transport Security compliant with the HSTS Draft Specification (RFC 6797).

Bluemonday - A fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

bluemonday is an HTML sanitizer implemented in Go. It is fast and highly configurable. bluemonday takes untrusted user generated content as an input, and will return HTML that has been sanitised against a whitelist of approved HTML elements and attributes so that you can safely include the content in your web page.

IisShield - Application Layer Firewall

IisShield is an IIS ISAPI Filter preventing any known and unknown attacks from disrupting IIS. The preventive approach of IisShield is an added value, preventing IIS from even trying to interpret requests that try to break in. With a detailed logging engine, IisShield helps IIS a...

secure-filters - Anti-XSS Security Filters for EJS and More

Anti-XSS Security Filters for EJS and More

SecureMe - This class implements a security check and validation against SQL injection and XSS

This class implements a security check and validation against SQL injection and XSS

xss_faker - Ruby gem that replaces Faker's output with XSS strings for security testing

Ruby gem that replaces Faker's output with XSS strings for security testing

x5s - test encodings and character transformations to find XSS hotspots

x5s is a Fiddler addon that aims to assist penetration testers in finding cross-site scripting (XSS) vulnerabilities. By auto-injecting special character probes into all inputs, x5s can detect where the emitted character may be ill-encoded or transformed in a vulnerable way.

sleepy-puppy - Sleepy Puppy XSS Payload Management Framework

Sleepy Puppy is a cross-site scripting (XSS) payload management framework which simplifies the ability to capture, manage, and track XSS propagation over long periods of time. Why should I use Sleepy Puppy? Often when testing for client-side injections (HTML/JS/etc.) security engineers are looking for where the injection occurs within the application they are testing only. While this provides ample coverage for the application in scope, there is a possibility that the code engineers are injecting may be reflected back in a completely separate application.

Wapiti - Web application vulnerability scanner / security auditor

Wapiti allows you to audit the security of your web applications. It performs "black-box" scans, i.e. it does not study the source code of the application but scans the web pages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable. It is able to differentiate reflected and permanent XSS vulnerabilities.

AntiXSS Experimental

Welcome to AntiXSS Experimental. AntiXSS Experimental contains code for common encoders auto-generated using Microsoft Research's BEK project.


AntiXSS for Java is a port of the Microsoft Anti-Cross Site Scripting (AntiXSS) v1.5 library for .NET applications. The library requires Java 1.4 or higher, but has no other prerequisites.

ZEN WPL Exporter

WPL Exporter for Creative ZEN Mozaic EZ300 converts Windows Playlists (WPL) created in Windows Media Player to ZEN Playlist (M3U) format and saves them on ZEN device. You will be able to transfer your existing WMP playlists to ZEN. It's developed in C# and uses .NET 3.5.

ninerhub - 49th Security Division Sample Broken Pages

49th Security Division Sample Broken Pages


Coverity Security Library (CSL) is a lightweight set of escaping routines for fixing cross-site scripting (XSS), SQL injection, and other security defects in Java web applications.

OWASP Joomla Vulnerability Scanner Project

Detects file inclusion, SQL injection, and command execution vulnerabilities of a target Joomla! web site. A regularly-updated signature-based scanner that can detect file inclusion, SQL injection, command execution, XSS, DoS, and directory traversal vulnerabilities of a target Joomla! web site. It searches for known vulnerabilities of Joomla! and its components, performs web application firewall detection, and a lot more.