nerdexam
GIAC

GCIH · Question #692

An administrator needs to protect his organization's IIS webservers from Cross-Site Scripting attacks. Which action should he take?

The correct answer is A. Use the Anti-XSS library from Microsoft. Cross-Site Scripting (XSS) attacks occur when malicious scripts are injected into web pages and executed in other users' browsers. Microsoft's Anti-XSS Library is a purpose-built encoding library for ASP.NET applications that sanitizes and encodes user-supplied input before it is

Web Application Attacks & Post-Exploitation

Question

An administrator needs to protect his organization's IIS webservers from Cross-Site Scripting attacks. Which action should he take?

Options

  • AUse the Anti-XSS library from Microsoft
  • BConfigure two-factor authentication for clients
  • CUse a random element when setting session cookies
  • DConfigure application whitelisting on the IIS server

How the community answered

(31 responses)
  • A
    94% (29)
  • B
    3% (1)
  • C
    3% (1)

Explanation

Cross-Site Scripting (XSS) attacks occur when malicious scripts are injected into web pages and executed in other users' browsers. Microsoft's Anti-XSS Library is a purpose-built encoding library for ASP.NET applications that sanitizes and encodes user-supplied input before it is rendered in the browser, directly neutralizing XSS payloads. It is the most direct and effective countermeasure for XSS on IIS. Two-factor authentication (B) hardens user login but does nothing to prevent script injection. Using a random nonce in session cookies (C) mitigates session fixation and CSRF, not XSS. Application whitelisting (D) controls which executables can run on the server OS but has no effect on malicious content served through the web application itself.

Topics

#XSS mitigation#IIS security#Anti-XSS library#web application defense

Community Discussion

No community discussion yet for this question.

Full GCIH Practice