Professional Webmasters Community
Would you like to react to this message? Create an account in a few clicks or log in to continue.
Professional Webmasters Community

your are free to explore your reviews, thoughts, suggestion and guidelines on every online tech talk.


XSS (Cross Site Scripting) Prevention Cheat Sheet

Professional Webmasters Community :: Webmaster Speak :: Tech Talk

Go down

XSS (Cross Site Scripting) Prevention Cheat Sheet Empty XSS (Cross Site Scripting) Prevention Cheat Sheet

Post  andry Wed Nov 03, 2010 1:59 am

This article provides a simple positive model for preventing XSS using output escaping/encoding properly. While there are a huge number of XSS attack vectors, following a few simple rules can completely defend against this serious attack.

These rules apply to all the different varieties of XSS. Both reflected and stored XSS can be addressed by performing the appropriate escaping on the server-side. The use of an escaping/encoding library like the one in ESAPI is strongly recommended as there are many special cases. DOM Based XSS can be addressed by applying these rules on the client on untrusted data.

For a great cheatsheet on the attack vectors related to XSS, please refer to the excellent XSS Cheat Sheet by RSnake. More background on browser security and the various browsers can be found in the Browser Security Handbook.


Full Article
andry
andry
Moderator
Moderator

Posts : 467
Join date : 2010-05-07

Back to top Go down

Back to top

- Similar topics

Professional Webmasters Community :: Webmaster Speak :: Tech Talk

 
Permissions in this forum:
You cannot reply to topics in this forum