What is cross site scripting? (XSS)

Ans
Cross-site scripting (XSS) is an attack that exploits a vulnerability in a web page by injecting client-side code into it. The injected script embeds itself in the response data, which is then sent back to the browser. The browser cannot recognize the script as malicious, because the response comes from a trusted source.
Cross-site scripting attacks work over both HTTP and HTTPS.
There are 2 ways to prevent a cross-site scripting attack:
Constrain input: validate the input length, type, format, range, etc.
Encode output: encode the input data before sending it back, e.g. HTML-encode it.
To help prevent cross-site scripting attacks, we can set the following attributes in the web.config file:


<configuration>
  <system.web>
    <!-- Attribute names in web.config are case-sensitive: validateRequest -->
    <pages buffer="true" validateRequest="true" />
  </system.web>
</configuration>
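The two prevention measures listed above (constrain input, encode output), shown together as an added C# example; it is not code from the original page. The class name, field names, length limits and sample input are assumptions made for illustration.

```csharp
using System;
using System.Net;
using System.Text.RegularExpressions;

// Hypothetical helper that renders a user comment into an HTML fragment.
public static class CommentRenderer
{
    // Constrain input: allow-list for a display name (format and length).
    // \A and \z anchor the whole string; "$" would accept a trailing newline.
    private static readonly Regex NamePattern =
        new Regex(@"\A[A-Za-z0-9 _.-]{1,40}\z", RegexOptions.CultureInvariant);

    public static bool IsValidName(string name) =>
        name != null && NamePattern.IsMatch(name);

    // Constrain input: type and range check for a numeric field.
    public static bool TryParseRating(string raw, out int rating) =>
        int.TryParse(raw, out rating) && rating >= 1 && rating <= 5;

    // Encode output: free text cannot be allow-listed, so it is HTML-encoded
    // at the point where it is written into the page.
    public static string Render(string name, string rawRating, string comment)
    {
        if (!IsValidName(name))
            throw new ArgumentException("Invalid name.", nameof(name));
        if (!TryParseRating(rawRating, out int rating))
            throw new ArgumentException("Rating must be 1-5.", nameof(rawRating));
        if (comment == null || comment.Length > 500)
            throw new ArgumentException("Comment missing or too long.", nameof(comment));

        // HtmlEncode turns <, >, &, " and ' into entities, so markup in the
        // comment is displayed as text instead of being parsed by the browser.
        return "<div class=\"comment\"><b>" + WebUtility.HtmlEncode(name) + "</b> (" +
               rating + "/5): " + WebUtility.HtmlEncode(comment) + "</div>";
    }

    public static void Main()
    {
        // Constructed sample input containing markup in the free-text field.
        string html = Render("alice", "4", "<script>alert(1)</script> nice post");
        Console.WriteLine(html);
    }
}
```

HTML encoding fits values written into HTML element content; values placed in attributes, URLs or script blocks need the encoder for that context.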
