XSS - cross site scripting

-

What is the difference between XSS and CSRF?

  • XSS involves causing a web site to return malicious JavaScript, while CSRF involves inducing a victim user to perform actions they do not intend to do.

What is the difference between XSS and SQL injection? 

  • XSS is a client-side vulnerability that targets other application users, while SQL injection is a server-side vulnerability that targets the application's database.

How do I prevent XSS in PHP? 

  • Filter your inputs with a whitelist of allowed characters and use type hints or typecasting. Escape your outputs with htmlentities and ENT_QUOTES for HTML contexts, or JavaScript Unicode escapes for JavaScript contexts.

How do I prevent XSS in Java?

  • Filter your inputs with a whitelist of allowed characters and use a library such as Google Guava to HTML-encode your output for HTML contexts, or use JavaScript Unicode escapes for JavaScript contexts

Comments

Post a Comment

Popular posts from this blog

Basic Terminology

-
What is scripting language? A scripting language is a programming language that supports scripts programs written for a special run time environment that can interpret (rather than compile) automates and executes the tasks that could be alternatively executed by human operator. What is static Web pages? A static web page is the web page that delivered to user exactly as stored in contrast to dynamic web pages which are generated by a web application. What is Dynamic Web Pages?   A server side dynamic web page is controlled by an application server processing server side scripting. What is web server? Web server is the software used to run web application, Main functionality of server is to handle the request from the client and send response to client. What is web browser? The web browser is the software used to open the web application from the web server. Web browser can also execute HTML, Java Script, CSS and other client side script. What is
Read more

What is normalization in DBMS?

-
 Normalization is the technique of organizing the data into multiple tables to minimize data redundancy. Data redundancy means the reputation of data at multiple places. Different issues can be observed while insertion, Updation, Deletion. Unnecessary data reputation will increase the size of the database and leads to more issues. Normalization will break the table into two different tables.
Read more

Object oriented programming concepts in PHP

-
Is it always necessary to create objects from class? No. An object is necessary to be created if the base class has non-static methods. But if the class has static methods, then objects don’t need to be created. You can call the class method directly in this case, using the class name. How much memory does a class occupy? Classes do not consume any memory. They are just a blueprint based on which objects are created. Now when objects are created, they actually initialize the class members and methods and therefore consume memory. Can you create an instance of an abstract class? No. Instances of an abstract class cannot be created because it does not have a complete implementation. However, instances of subclass inheriting the abstract class can be created. What is a final variable? A variable whose value does not change. It always refers to the same object by the property of non-transversity. What are the differences between error and exception? Exception - Exception can be recovered b
Read more