ICT-Hotlist Topic
Preventing Cross Site Scripting Attacks in ASP.NET MVC 4
Published : 2015-08-05.
Last updated : 2017-05-02.
A website is exposed to various types of attacks, and one of the most
common is Cross Site Scripting (XSS). In a cross site scripting attack,
malicious markup and script are entered into web pages that are viewed by
other users. If proper care is not taken to filter this malicious markup,
the script gets stored in the system and is rendered on web pages.
Depending on the script injected by the attacker, the damage can range from
annoying popups to stolen credentials to access to data stored in cookies.
Therefore, it is important for ASP.NET MVC developers to prevent these
types of attacks. Luckily, ASP.NET MVC offers a helping hand in
safeguarding your websites. This article discusses some of the basics
involved in the process.
Scripts and programming examples disclaimer
Unless stated otherwise, the script sources and programming examples provided are copyrighted freeware.
You may modify them, as long as a reference to the original code and hyperlink to the source page is included in the modified code and documentation.
However, it is not allowed to publish (copies of) scripts and programming examples on your own site, blog, vlog, or distribute them on paper or any other medium, without prior written consent.
Many of the techniques used in these scripts, including but not limited to modifying the registry or system files and settings, impose a risk of rendering the Operating System inoperable and loss of data.
Make sure you have verified full backups and the associated restore software available before running any script or programming example.
Use these scripts and programming examples entirely at your own risk. All liability claims against the author in relation to material or non-material losses caused by the use, misuse or non-use of the information provided, or the use of incorrect or incomplete information, are excluded. All content is subject to change and provided without obligation.