Monday, September 26, 2016

Block XSS Attacks

Do you know how to block XSS attacks?

Can you answer this sample Security+ test question that we recently added to the online test banks?

Q. An attacker has launched several successful XSS attacks on a web application within your DMZ. The following graphic shows part of your network.


You determine that the attacker is launching the attacks via an anonymizer. Which of the following are the BEST choices to implement on the web server to prevent this attack? (Select TWO.)

A. Baseline reporting
B. Input validation
C. Code review
D. WAF
E. URL filtering
F. Column level access control

See if you answered it correctly by checking your answer and the explanation here.