且构网


IIS Secure Parameter Filter (SPF)

Updated: 2022-09-13 16:34:41

Hey Folks,

We have recently released a free IIS module written in C#, Secure Parameter Filter (or SPF for short), which aims to help protect web apps against parameter manipulation attacks. In doing so, the module also helps to prevent CSRF and reflected XSS by including an encrypted token with each request.

SPF has been a project of ours for the last year, and just last week, we open sourced SPF under the GNU Public License. Due to the important role sla.ckers.org community members have played in the success of other projects (such as the PHP-IDS project), we realize there is an incredible value to be gained for SPF as an open source security tool. We support open evaluations and smoketests of such security projects, and are looking forward to hearing community input on ways to improve SPF.

SPF can be downloaded from [spf.codeplex.com], and we have provided two live smoketest sample applications (the MSDN StockTrader application) at the following URLs. Remote detailed errors have been turned on to allow for easier debugging :-)

* [trade-no-spf.gdsdemo.com] (SPF not enabled)
* [trade-spf.gdsdemo.com] (SPF enabled)