Ethical Experts
Ethical Experts

A Community Dedicated to Helping and Learning . Here You Will Get Hacking Tutorials and Monetizing Methods . We Hope You Have a Pleasant Stay
HomeHome  SearchSearch  FAQFAQ  RegisterRegister  Log in  
Still Currently working on the forum design, until I find a perfect design that can sit there for the whole life :p .. Please Bare with us if you see the design change while / after you refresh a page or return ! Sorry for the Inconvenience ~!

Display results as :
Rechercher Advanced Search
Latest topics
» Hack Pack : Largest Hacking Tools Collection
Tue Apr 28, 2015 9:35 am by THE-OUTSIDER

» Hi everyone!
Fri Nov 07, 2014 11:24 pm by zekrum

» Hacking Email ID's
Thu Sep 25, 2014 7:22 pm by NAVEEN KUMAR . S

» entering in a computer binary
Sat Sep 20, 2014 1:29 pm by erosh23

» hi hackers
Sat Sep 20, 2014 1:26 pm by erosh23

» Introduce Yourself !
Sat Sep 20, 2014 1:23 pm by erosh23

» Hello guys
Wed Jul 30, 2014 10:52 pm by RZero67

» need botnet like zues Betabot or any good botnet files please admin help me
Fri Jul 25, 2014 9:44 pm by sire_roktiv

» Extension Spoofer v0.1 [Beta Release]
Fri Jul 11, 2014 9:33 am by The Joker

Most Viewed Topics
Hack Pack : Largest Hacking Tools Collection
Hack Your BroadBand !! RISK FREE !!
How to Hack the Windows Admin Password Using OphCrack in Backtrack tutorial
Hacking With Keyloggers Prorat
How to Get Unlimited time in an Internet Cafe ... :D
How to Hack Websites & Servers - Tutorial
Cracking a WPA/WPA-2 Password.. ;)
Backtrack and Facebook
Credit Card Generating Sequence
wifi hack netcat
Facebook Like

Share | 

 Countermeasures against XSS

Go down 
The Joker

Posts : 182
Join date : 2012-06-11
Age : 27

PostSubject: Countermeasures against XSS   Sun Oct 07, 2012 5:06 am

Check and validate all the form fields, hidden fields, headers, cookies, query strings and all the parameters against a rigorous specification.

Implement a stringent security policy.

Web servers, applications servers, and web application environments are vulnerable to cross-site scripting. It is hard to identify and remove XSS flaws from web applications. The best way to find flaws is to perform a security review of the code, and search in all the places where input from an HTTP request comes as an output through HTML.

A variety of different HTML tags can be used to transmit a malicious JavaScript. Nessus, Nikto and other tools can help to some extent for scanning website for these flaws. If vulnerability is discovered in one website, there is a high chance of it being vulnerable to other attacks.

Find the script output to defeat XSS vulnerability which can prevent then from being transmitted to users.

The entire code of the website has to be reviewed if it has to be protected against XSS attacks. The sanity of the code should be checked by reviewing and comparing it against exact specifications. The areas should be checked as follows, the headers, as well as cookies, query string from fields and hidden fields. During the validation process, there must be no attempt to recognize the active content, neither to remove the filter nor sanitize it.

There are many ways to encode the known filters for active content. A “positive security policy” is highly recommended, which specifies what has to be allowed and what has to be removed. Negative or attack signature-based policies are hard to maintain, as they are incomplete.

Input fields should be limited to a maximum since most script attacks need several characters to get granted.

Do NOT PM me until you are DONATING or Your Upgrade  hasn't been completed even after you have purchased it .
If is one of the above, you can either choose to PM or mail me ..
Back to top Go down
View user profile
Countermeasures against XSS
Back to top 
Page 1 of 1

Permissions in this forum:You cannot reply to topics in this forum
Ethical Experts :: Hacking Section :: Hacking Tutorials-
Jump to: