EC-Council
312-50V9 · Question #239
Which of the following is one of the most effective ways to prevent Cross-site Scripting (XSS) flaws in software applications?
The correct answer is A. Validate and escape all information sent to a server. Contextual output encoding/escaping could be used as the primary defense mechanism to stop Cross-site Scripting (XSS) attacks. https://en.wikipedia.org/wiki/Cross- site_scripting#Contextual_output_encoding.2Fescaping_of_string_input
Hacking Web Applications
Question
Which of the following is one of the most effective ways to prevent Cross-site Scripting (XSS) flaws in software applications?
Options
- AValidate and escape all information sent to a server
- BUse security policies and procedures to define and implement proper security settings
- CVerify access right before allowing access to protected information and UI controls
- DUse digital certificates to authenticate a server prior to sending data
How the community answered
(48 responses)- A90% (43)
- B2% (1)
- C2% (1)
- D6% (3)
Explanation
Contextual output encoding/escaping could be used as the primary defense mechanism to stop Cross-site Scripting (XSS) attacks. https://en.wikipedia.org/wiki/Cross- site_scripting#Contextual_output_encoding.2Fescaping_of_string_input
Topics
#XSS prevention#input validation#output encoding#secure coding
Community Discussion
No community discussion yet for this question.