Ethical Experts
 XSS COUNTERMEASURES

thedhruvsoni
Team IHA Admins


Posts : 11
Join date : 2013-10-12

Post subject: XSS COUNTERMEASURES   Mon Oct 21, 2013 2:35 am

XSS COUNTERMEASURES
It is quite hard to detect and remove XSS flaws from web applications, which leads to XSS attacks on websites. The best way to find these flaws is to perform a security review of the code and search all the places where input from an HTTP request comes out as output through HTML, because these locations can be used by an attacker to attack a particular website.

#1 – Using HTML Escape Previous to Inserting Data to HTML Element Content
“<" introduces a tag.
“&” introduces a character entity.
Few of the available browsers try to correct automatically the poorly formatted HTML and treat “>” as if it were “<".

#2 - Attribute Escape for HTML Common Attributes
This can be done using encoding. Sensitive attributes should be encoded into suitable code. Except for the alphanumeric characters, escape all the characters with ASCII values less than 256 with the &#xHH; format to prevent switching out of the attribute unnecessarily. This makes the website more secure against XSS attacks.

#3 - JavaScript Escape for JavaScript Data Values
=> JavaScript should be escaped and properly terminated; poorly terminated JavaScript quotes can allow an attacker to insert his own JavaScript code on the page and run it from there. JavaScript Escape for JavaScript Values, if used, would prevent an attacker from inserting any unwanted piece of code into the webpage.

#4 - CSS Escape & Validation
=> Untrusted CSS data should only be entered in a property value and not into other places in style data. CSS is a very powerful language and it may help an attacker to attack in various ways through Cascading Style Sheets (popularly known as CSS).

For example:

<style>selector { property : ...ESCAPE UNTRUSTED DATA HERE...; } </style>

{ background-url : "javascript:alert(1)"; } // and all other URLs
{ text-size: "expression(alert('XSS'))"; } // only in IE

#5 - URL Escape for URL Parameter Values

=> URL Escape should be used if a sensitive URL is to be encoded, and it should be validated. This feature adds security to the webpage. It is used when a URL which sends data through GET is to be encoded. For this purpose a URL encoder should be used.

String safe = ESAPI.encoder().encodeForURL( request.getParameter( "input" ) );

#6 - Use the <frame> Security Attribute
Most of the latest browsers support <frame> and <iframe>, and they must be used with the “Restricted” parameter, as it places restrictions on that particular frame, thereby increasing security against XSS attacks.
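The five output-encoding contexts in the post (#1 to #5), worked through as an added example that is not part of the original post and does not use ESAPI: each encoder below is written from scratch, the function names are my own, and the sample inputs are constructed for illustration.

```javascript
// Context-aware output encoding: one encoder per output context.
// Added example; not the forum post's or ESAPI's code.

const HTML_MAP = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
const hex2 = (c) => c.charCodeAt(0).toString(16).toUpperCase().padStart(2, "0");

// #1 HTML element content: neutralise the characters that start a tag or an entity.
function encodeForHTML(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_MAP[c]);
}

// #2 HTML attribute value: everything non-alphanumeric below 256 becomes &#xHH;
// so the value can never close the quote or the attribute.
function encodeForHTMLAttribute(s) {
  return String(s).replace(/[^A-Za-z0-9]/g, (c) =>
    c.charCodeAt(0) < 256 ? "&#x" + hex2(c) + ";" : c);
}

// #3 JavaScript data value (inside a quoted JS string): \xHH / \uHHHH escapes,
// so a stray quote in the data cannot terminate the string early.
function encodeForJavaScript(s) {
  return String(s).replace(/[^A-Za-z0-9]/g, (c) =>
    c.charCodeAt(0) < 256
      ? "\\x" + hex2(c)
      : "\\u" + c.charCodeAt(0).toString(16).toUpperCase().padStart(4, "0"));
}

// #4 CSS property value: CSS hex escape \HH followed by a terminating space.
function encodeForCSS(s) {
  return String(s).replace(/[^A-Za-z0-9]/g, (c) => "\\" + hex2(c) + " ");
}

// #5 URL parameter value: percent-encode, including the characters
// encodeURIComponent leaves alone (! ' ( ) *).
function encodeForURL(s) {
  return encodeURIComponent(String(s)).replace(/[!'()*]/g, (c) => "%" + hex2(c));
}

// Render one untrusted value into all five contexts with the matching encoder.
function renderSafely(untrusted) {
  return [
    `<div>${encodeForHTML(untrusted)}</div>`,
    `<input value="${encodeForHTMLAttribute(untrusted)}">`,
    `<script>var data = '${encodeForJavaScript(untrusted)}';</script>`,
    `<style>p { color: ${encodeForCSS(untrusted)}; }</style>`,
    `<a href="/search?q=${encodeForURL(untrusted)}">link</a>`,
  ].join("\n");
}

// Constructed sample input, using the value the post itself shows.
console.log(renderSafely("javascript:alert(1)"));
```

The point is that the same value needs a different encoder in each slot; the HTML encoder alone does nothing useful inside a URL or a script string.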