  • Post last modified:June 12, 2024

According to OWASP, which three statements are rules to prevent XSS attacks? (Choose three.)

  • Use the HTML <a> tag with JavaScript encoding. 
  • Use HTTPS only mode for accessing web applications. 
  • Use HTML escape before inserting untrusted data into HTML element content. 
  • Use the HTML img tag with a combination of hexadecimal HTML character references. 
  • Use attribute escape before inserting untrusted data into HTML common attributes. 
  • Use JavaScript escape before inserting untrusted data into JavaScript data values.

Explanation & Hint:

According to OWASP, the general rules for preventing XSS attacks include:

  • Use an auto-escaping template system.
  • Never insert untrusted data except in allowed locations.
  • Use HTML escape before inserting untrusted data into HTML element content.
  • Use attribute escape before inserting untrusted data into HTML common attributes.
  • Use JavaScript escape before inserting untrusted data into JavaScript data values.
  • Use CSS escape and strictly validate before inserting untrusted data into HTML-style property values.
  • Use URL escape before inserting untrusted data into HTML URL parameter values.
  • Sanitize HTML markup with a library such as ESAPI to protect the underlying application.
  • Use the HTTPOnly cookie flag.
  • Implement content security policy.
  • Use the X-XSS-Protection response header.
