I have a website I'm developing that had a 'contact us' page that was similarly designed to the one in the book, so I tried putting in:
IE and VS throw an exception that catches the threat, but I'm not entirely convinced that my website will be safe in a live environment.
I found that I can (in my contact form) set ValidateRequestMode to disabled and then sanitize all of the input using HttpUtility.HtmlEncode(). So, I know this works when I specifically write code to prevent security threats, but does ASP.NET catch other vulnerabilities that I miss?
I'm still reading through the Database chapters, so I don't know if we will have a text box whose value is sent to a database, but is there some protection for them, or do we have to 'manually' check the text for malicious intent?
Here are the videos that I was referring to:
Hacking Websites with SQL Injection
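Added example, not from the post or the book it refers to: a Web Forms code-behind showing the difference between splicing the contact-form text box into a SQL string and passing it as a parameter, and where HtmlEncode belongs. It assumes a hypothetical `Messages` table, controls named `txtMessage`/`lblStatus`/`btnSend`, and a connection string named `ContactDb` (placeholder).

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web;
using System.Web.UI;

// Code-behind for a hypothetical Contact.aspx page (assumed, not the book's code).
public partial class Contact : Page
{
    // Unsafe pattern: the text box value becomes part of the SQL text, so a
    // single quote in the input changes the statement itself. Request
    // validation does not help here; it only looks for HTML-like markup.
    private static string BuildUnsafeSql(string message)
    {
        return "INSERT INTO Messages (Body) VALUES ('" + message + "')";
    }

    // Safe pattern: the value travels as a typed parameter. The statement text
    // is fixed, and whatever the user typed is stored as data.
    private static void SaveMessage(string message)
    {
        string cs = ConfigurationManager.ConnectionStrings["ContactDb"].ConnectionString; // placeholder name
        using (var conn = new SqlConnection(cs))
        using (var cmd = new SqlCommand("INSERT INTO Messages (Body) VALUES (@body)", conn))
        {
            cmd.Parameters.Add("@body", SqlDbType.NVarChar, 4000).Value = message;
            conn.Open();
            cmd.ExecuteNonQuery();
        }
    }

    protected void btnSend_Click(object sender, EventArgs e)
    {
        // Store the raw text; HTML-encode only at the point where it is
        // rendered back into the page (Label.Text is not encoded for you).
        SaveMessage(txtMessage.Text);
        lblStatus.Text = "Thanks, we received: " + HttpUtility.HtmlEncode(txtMessage.Text);
    }
}
```

`BuildUnsafeSql` is there only to show the shape that parameterisation replaces; it is never executed. Keeping the stored value unencoded and encoding on output means the same record can later be rendered safely in HTML, a plain-text e-mail, or JSON without double-encoding.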