XSS (Cross Site Scripting) Prevention Cheat Sheet
This article provides a simple positive model for preventing XSS using output escaping/encoding properly. While there are a huge number of XSS attack vectors, following a few simple rules can completely defend against this serious attack.
These rules apply to all the different varieties of XSS. Both reflected and stored XSS can be addressed by performing the appropriate escaping on the server-side. The use of an escaping/encoding library like the one in ESAPI is strongly recommended as there are many special cases. DOM Based XSS can be addressed by applying these rules on the client on untrusted data.
For a great cheatsheet on the attack vectors related to XSS, please refer to the excellent XSS Cheat Sheet by RSnake. More background on browser security and the various browsers can be found in the Browser Security Handbook.
Full Article
andry- Moderator
- Posts : 467
Join date : 2010-05-07
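The excerpt above says escaping must be "appropriate", which means choosing the encoder by the output context the untrusted value lands in. The following is an added example, not part of the original post and not ESAPI code; the function names are hypothetical, and the four contexts are chosen for illustration because the rules themselves are not listed on this page.

```javascript
// Added example: per-context output encoders. All names are hypothetical.

// HTML element content: neutralise characters that can open tags or entities.
function encodeForHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;',
                '"': '&quot;', "'": '&#x27;', '/': '&#x2F;' };
  return String(value).replace(/[&<>"'\/]/g, (c) => map[c]);
}

// HTML attribute value: encode every character except ASCII alphanumerics,
// so the value cannot leave the attribute even when it is unquoted.
function encodeForHtmlAttribute(value) {
  return Array.from(String(value), (ch) =>
    /^[A-Za-z0-9]$/.test(ch)
      ? ch
      : '&#x' + ch.codePointAt(0).toString(16).toUpperCase() + ';'
  ).join('');
}

// JavaScript string literal: \xHH or \uHHHH for everything non-alphanumeric,
// which covers quotes, backslashes, line terminators and "</script>".
function encodeForJsString(value) {
  const s = String(value);
  let out = '';
  for (let i = 0; i < s.length; i++) {
    const code = s.charCodeAt(i);
    const hex = code.toString(16).toUpperCase();
    if (/[A-Za-z0-9]/.test(s[i])) out += s[i];
    else if (code < 256) out += '\\x' + hex.padStart(2, '0');
    else out += '\\u' + hex.padStart(4, '0');
  }
  return out;
}

// URL query parameter value: percent-encoding (output is safe inside "...").
function encodeForUrlParam(value) {
  return encodeURIComponent(String(value));
}

// One untrusted value placed in four contexts, each with its own encoder.
function renderGreeting(name) {
  return [
    '<p>Hello, ' + encodeForHtml(name) + '</p>',
    '<input name="who" value="' + encodeForHtmlAttribute(name) + '">',
    '<a href="/search?q=' + encodeForUrlParam(name) + '">search</a>',
    '<script>var who = "' + encodeForJsString(name) + '";</script>',
  ].join('\n');
}

// Constructed sample input containing markup metacharacters.
const sample = `<b>"O'Reilly" & co</b>`;
console.log(renderGreeting(sample));
```

The same input produces four different encodings; using the HTML-content encoder inside the script or attribute context would not be sufficient, which is why the cheat sheet recommends a dedicated encoding library.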