How can we prevent XSS attacks?

-
Preventing cross-site scripting is trivial in some cases but can be much harder depending on the complexity of the application and the ways it handles user-controllable data.

In general, effectively preventing XSS vulnerabilities is likely to involve a combination of the following measures:

Filter input on arrival -

At the point where user input is received, filter as strictly as possible based on what is expected or valid input.

Encode data on output -

At the point where user-controllable data is output in HTTP responses, encode the output to prevent it from being interpreted as active content. Depending on the output context, this might require applying combinations of HTML, URL, JavaScript, and CSS encoding.

Use appropriate response headers -

To prevent XSS in HTTP responses that aren't intended to contain any HTML or JavaScript, you can use the Content-Type and X-Content-Type-Options headers to ensure that browsers interpret the responses in the way you intend.

Content Security Policy -

 As a last line of defense, you can use Content Security Policy (CSP) to reduce the severity of any XSS vulnerabilities that still occur.

Comments

Post a Comment

Popular posts from this blog

Basic Terminology

-
What is scripting language? A scripting language is a programming language that supports scripts programs written for a special run time environment that can interpret (rather than compile) automates and executes the tasks that could be alternatively executed by human operator. What is static Web pages? A static web page is the web page that delivered to user exactly as stored in contrast to dynamic web pages which are generated by a web application. What is Dynamic Web Pages?   A server side dynamic web page is controlled by an application server processing server side scripting. What is web server? Web server is the software used to run web application, Main functionality of server is to handle the request from the client and send response to client. What is web browser? The web browser is the software used to open the web application from the web server. Web browser can also execute HTML, Java Script, CSS and other client side script. What is
Read more

What is normalization in DBMS?

-
 Normalization is the technique of organizing the data into multiple tables to minimize data redundancy. Data redundancy means the reputation of data at multiple places. Different issues can be observed while insertion, Updation, Deletion. Unnecessary data reputation will increase the size of the database and leads to more issues. Normalization will break the table into two different tables.
Read more

Object oriented programming concepts in PHP

-
Is it always necessary to create objects from class? No. An object is necessary to be created if the base class has non-static methods. But if the class has static methods, then objects don’t need to be created. You can call the class method directly in this case, using the class name. How much memory does a class occupy? Classes do not consume any memory. They are just a blueprint based on which objects are created. Now when objects are created, they actually initialize the class members and methods and therefore consume memory. Can you create an instance of an abstract class? No. Instances of an abstract class cannot be created because it does not have a complete implementation. However, instances of subclass inheriting the abstract class can be created. What is a final variable? A variable whose value does not change. It always refers to the same object by the property of non-transversity. What are the differences between error and exception? Exception - Exception can be recovered b
Read more