How to prevent Script Injection Attacks ?

Posted by Akiii under ASP.NET on 5/20/2012 | Points: 10 | Views : 9493 | Status : [Member] | Replies : 17

Write New Post |

Search Forums | Answered

Resolved Posts |

Un Answered Posts |

Forums Home

Hi friends,

I read some articles regarding XSS or Script Injection Attacks. In those articles it is said that you can deal with it by turning off the request validation in the web.config file. for example :-

<pages validateRequest="true" />

Is it a good process to do this ?

Thanks and Regards
Akiii

Reply | Reply with Attachment

Alert Moderator

Responses

Posted by: Ravianand on: 5/21/2012 [Member] Starter | Points: 25

0	www.asp.net/mvc/tutorials/.../preventing-javascript-injection-attacks-. refer Above link Regards, Ravi Akiii, if this helps please login to Mark As Answer. \| Alert Moderator

Posted by: Akiii on: 5/21/2012 [Member] Bronze | Points: 25

0	The link is broken @Ravi..... Akiii Akiii, if this helps please login to Mark As Answer. \| Alert Moderator

Posted by: Ravianand on: 5/21/2012 [Member] Starter | Points: 25

0	http://www.asp.net/mvc/tutorials/older-versions/security/preventing-javascript-injection-attacks-cs Now try above link... Regards, Ravi Akiii, if this helps please login to Mark As Answer. \| Alert Moderator

Posted by: Akiii on: 5/21/2012 [Member] Bronze | Points: 25

0	Thanks @Ravi, that is a good link ! Akiii, if this helps please login to Mark As Answer. \| Alert Moderator

Posted by: Vuyiswamb on: 5/21/2012 [Member] [MVP] [Administrator] NotApplicable | Points: 25

0	it depends on the application you write and also on the page location within your website. Thank you for posting at Dotnetfunda [Administrator] Akiii, if this helps please login to Mark As Answer. \| Alert Moderator

Posted by: Akiii on: 5/21/2012 [Member] Bronze | Points: 25

0	@Vuyiswa .......but Sir, If I set the attribute to false, then am i making my site vulnerable to different kinds of threats on the web ? Regards Akiii Akiii, if this helps please login to Mark As Answer. \| Alert Moderator

Posted by: Vuyiswamb on: 5/21/2012 [Member] [MVP] [Administrator] NotApplicable | Points: 25

0	Yes it does open doors to some vulnerability. but let Being part of .NETFUNDA comes with benefits. I am offering a service of Web vulnaribility testing, but because you are a dotnetfunda user, i will provide it for free to you. i will submit reports on how to fix the vulnaribity that i will find when i look for them. Thank you for posting at Dotnetfunda [Administrator] Akiii, if this helps please login to Mark As Answer. \| Alert Moderator

Yes it does open doors to some vulnerability. but let

Being part of .NETFUNDA comes with benefits. I am offering a service of Web vulnaribility testing, but because you are a dotnetfunda user, i will provide it for free to you. i will submit reports on how to fix the vulnaribity that i will find when i look for them.

Thank you for posting at Dotnetfunda
[Administrator]

Akiii, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Akiii on: 5/21/2012 [Member] Bronze | Points: 25

0	@Vuyiswa .....Thank you very much Sir for offering me the service. Looking forward to that ! Thanks and Regards Akiii Akiii, if this helps please login to Mark As Answer. \| Alert Moderator

Posted by: Vuyiswamb on: 5/22/2012 [Member] [MVP] [Administrator] NotApplicable | Points: 25

0	Thank you for posting at Dotnetfunda. you know how to contact me, i will only need a URL that side and i will give you a report. Thank you for posting at Dotnetfunda [Administrator] Akiii, if this helps please login to Mark As Answer. \| Alert Moderator

Posted by: Akiii on: 5/22/2012 [Member] Bronze | Points: 25

0	Sir what url do you need ? I couldn't understand, please explain it to me ! Thanks and Regards Akiii Akiii, if this helps please login to Mark As Answer. \| Alert Moderator

Posted by: Vuyiswamb on: 5/22/2012 [Member] [MVP] [Administrator] NotApplicable | Points: 25

0	if you want me to do a web vulnerability testing on your web application , you must deploy it to your server and give me the URL to test the vulnerability on the site and i will give you the report and how to fix them Thank you for posting at Dotnetfunda [Administrator] Akiii, if this helps please login to Mark As Answer. \| Alert Moderator

Posted by: Akiii on: 5/22/2012 [Member] Bronze | Points: 25

0	I understand Sir but I don't think this will not be allowed by my company. I personally don't have any blog or website Sir. Thank you very much for your offer but can you use a different site ? Thanks and Regards Akiii Akiii, if this helps please login to Mark As Answer. \| Alert Moderator

Posted by: Muhsinathk on: 6/14/2012 [Member] Bronze | Points: 25

0	Refer this link http://stackoverflow.com/questions/942011/how-to-prevent-javascript-injection-attacks-within-user-generated-html Akiii, if this helps please login to Mark As Answer. \| Alert Moderator

Posted by: Muhsinathk on: 6/14/2012 [Member] Bronze | Points: 25

0	Please refer this link too http://www.codingforums.com/archive/index.php/t-39292.html Akiii, if this helps please login to Mark As Answer. \| Alert Moderator

Posted by: Akiii on: 6/14/2012 [Member] Bronze | Points: 25

0	@Muhsinathk.......Thanks for the link ! Thanks and Regards Akiii Akiii, if this helps please login to Mark As Answer. \| Alert Moderator

Posted by: Muhsinathk on: 6/14/2012 [Member] Bronze | Points: 25

0	Welcome.. Akiii, if this helps please login to Mark As Answer. \| Alert Moderator

Posted by: Muhsinathk on: 6/14/2012 [Member] Bronze | Points: 25

0	Hope you understand it. Mark as Answer if its helpful to you... Akiii, if this helps please login to Mark As Answer. \| Alert Moderator

Latest Posts