What is the countermeasure against XSS scripting?

Consider the following code:

URL: http://www.certified.com/search.pl?text=<script>alert(document.cookie)</script>
If an attacker can trick a victim into clicking a link like this, and the Web application does not
validate input, then the victim's browser will pop up an alert showing the user's current set of
cookies. An attacker can do much more damage, including stealing passwords, resetting your
home page, or redirecting the user to another Web site.
What is the countermeasure against XSS scripting?

A.
Create an IP access list and restrict connections based on port number

B.
Replace “<” and “>” characters with “&lt;” and “&gt;” using server scripts

C.
Disable JavaScript in IE and Firefox browsers

D.
Connect to the server using HTTPS protocol instead of HTTP
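
The server-side character replacement that option B describes, applied to the search URL from the question. This is an added example, not code from the original page: the function names and the attribute-context sample value are assumptions made for illustration, and Python stands in for the server script. It also shows that rewriting only "<" and ">" leaves a double quote intact when the value is reflected inside a quoted attribute, which full HTML encoding covers.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Constructed sample request, modelled on the URL shown in the question.
SAMPLE_URL = ("http://www.certified.com/search.pl?"
              "text=<script>alert(document.cookie)</script>")

# Constructed sample value containing a double quote (no markup at all).
QUOTED_VALUE = 'x" data-probe="1'


def search_text(url):
    """Return the 'text' query parameter as the server would receive it."""
    return parse_qs(urlsplit(url).query).get("text", [""])[0]


def render_unsafe(text):
    """Reflect the parameter verbatim: markup in it becomes part of the page."""
    return f"<p>Results for: {text}</p>"


def encode_angle_only(text):
    """Replace only '<' and '>', the two characters option B names."""
    return text.replace("<", "&lt;").replace(">", "&gt;")


def encode_full(text):
    """Encode & < > and both quote characters (html.escape with quote=True)."""
    return html.escape(text, quote=True)


def render_body(text, encoder):
    """Reflect the encoded value in element content."""
    return f"<p>Results for: {encoder(text)}</p>"


def render_attribute(text, encoder):
    """Reflect the encoded value inside a double-quoted attribute."""
    return f'<input name="text" value="{encoder(text)}">'


if __name__ == "__main__":
    payload = search_text(SAMPLE_URL)
    print(render_unsafe(payload))                        # script tag survives
    print(render_body(payload, encode_angle_only))       # shown as inert text
    print(render_attribute(QUOTED_VALUE, encode_angle_only))  # quote survives
    print(render_attribute(QUOTED_VALUE, encode_full))        # quote encoded
```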




Ghost Man

D is the Ans.

Rodrigo

go to hell Ghost Man