nerdexam
EC-Council

312-50V10 · Question #712

Which of the following is one of the most effective ways to prevent Cross-site Scripting (XSS) flaws in software applications?

The correct answer is C. Validate and escape all information sent to a server.. This question tests knowledge of the primary technical countermeasure for preventing Cross-Site Scripting (XSS) vulnerabilities in web applications.

Hacking Web Applications

Question

Which of the following is one of the most effective ways to prevent Cross-site Scripting (XSS) flaws in software applications?

Options

  • AUse security policies and procedures to define and implement proper security settings.
  • BUse digital certificates to authenticate a server prior to sending data.
  • CValidate and escape all information sent to a server.
  • DVerify acces right before allowing access to protected information and UI controls.

How the community answered

(21 responses)
  • A
    5% (1)
  • B
    5% (1)
  • C
    76% (16)
  • D
    14% (3)

Why each option

This question tests knowledge of the primary technical countermeasure for preventing Cross-Site Scripting (XSS) vulnerabilities in web applications.

AUse security policies and procedures to define and implement proper security settings.

Security policies and procedures are administrative controls that define standards but do not technically prevent the injection of malicious scripts into web pages.

BUse digital certificates to authenticate a server prior to sending data.

Digital certificates authenticate the server's identity via TLS/SSL but have no mechanism to inspect or sanitize user-supplied input for script injection.

CValidate and escape all information sent to a server.Correct

XSS attacks occur when untrusted data is sent to a browser without proper validation or escaping, allowing attackers to inject malicious scripts. Validating input on the server side ensures data conforms to expected formats, while output encoding or escaping neutralizes script characters (such as converting < to &lt;) so the browser renders them as data rather than executable code. Together, these two controls directly address the root cause of XSS as defined by OWASP.

DVerify acces right before allowing access to protected information and UI controls.

Verifying access rights is an authorization control that restricts what authenticated users can do, but it does not prevent malicious script payloads from being injected and reflected to other users.

Concept tested: Cross-Site Scripting (XSS) prevention via input validation and output encoding

Source: https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html

Topics

#cross-site scripting#XSS prevention#input validation#output encoding

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice