How to prevent Script Injection Attacks ?

Posted by Akiii under ASP.NET on 5/20/2012 | Points: 10 | Views : 6113 | Status : [Member] | Replies : 19
Hi friends,

I read some articles regarding XSS or Script Injection Attacks. In those articles it is said that you can deal with it by turning off the request validation in the web.config file. For example:

<pages validateRequest="true" />



Is it a good process to do this?


Thanks and Regards
Akiii




Responses

Posted by: Ravianand on: 5/21/2012 [Member] Starter | Points: 25

www.asp.net/mvc/tutorials/.../preventing-javascript-injection-attacks-.
Refer to the above link.

Regards,
Ravi


Posted by: Akiii on: 5/21/2012 [Member] Bronze | Points: 25

The link is broken @Ravi.....


Akiii


Posted by: Ravianand on: 5/21/2012 [Member] Starter | Points: 25

http://www.asp.net/mvc/tutorials/older-versions/security/preventing-javascript-injection-attacks-cs

Now try above link...

Regards,
Ravi


Posted by: Akiii on: 5/21/2012 [Member] Bronze | Points: 25

Thanks @Ravi, that is a good link !


Posted by: Vuyiswamb on: 5/21/2012 [Member] [MVP] [Administrator] NotApplicable | Points: 25

It depends on the application you write and also on the page location within your website.

Thank you for posting at Dotnetfunda
[Administrator]
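
The page-location point in the reply above, shown as a web.config sketch. This is an added example, not part of any post in the thread: the path `Admin/EditArticle.aspx` is hypothetical, and the `requestValidationMode` line assumes ASP.NET 4.0 or later.

```xml
<?xml version="1.0"?>
<!-- Added example (constructed). The page path below is hypothetical. -->
<configuration>

  <system.web>
    <!-- Site-wide default: request validation stays ON, so ASP.NET
         rejects posted values that look like markup or script. -->
    <pages validateRequest="true" />
  </system.web>

  <!-- Narrow exception for the single page that must accept HTML
       (for example a rich-text editor). Every other page keeps the
       site-wide default above. -->
  <location path="Admin/EditArticle.aspx">
    <system.web>
      <pages validateRequest="false" />
      <!-- On ASP.NET 4.0+, validateRequest="false" is only honoured
           when the 2.0 validation mode is selected. Scoping it here
           keeps the 4.0 behaviour for the rest of the site. -->
      <httpRuntime requestValidationMode="2.0" />
    </system.web>
  </location>

</configuration>
```

Request validation is only an input filter: any page where it is switched off has to HTML-encode user-supplied values when writing them back out (for example with `HttpUtility.HtmlEncode`).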


Posted by: Akiii on: 5/21/2012 [Member] Bronze | Points: 25

@Vuyiswa .......but Sir, if I set the attribute to false, then am I making my site vulnerable to different kinds of threats on the web?



Regards
Akiii


Posted by: Vuyiswamb on: 5/21/2012 [Member] [MVP] [Administrator] NotApplicable | Points: 25


Yes it does open doors to some vulnerability. but let

Being part of .NETFUNDA comes with benefits. I am offering a service of web vulnerability testing, but because you are a dotnetfunda user, I will provide it for free to you. I will submit reports on how to fix the vulnerabilities that I will find when I look for them.



Thank you for posting at Dotnetfunda
[Administrator]


Posted by: Akiii on: 5/21/2012 [Member] Bronze | Points: 25

@Vuyiswa .....Thank you very much Sir for offering me the service. Looking forward to that !


Thanks and Regards
Akiii


Posted by: Vuyiswamb on: 5/22/2012 [Member] [MVP] [Administrator] NotApplicable | Points: 25

Thank you for posting at Dotnetfunda. You know how to contact me; I will only need a URL that side and I will give you a report.

Thank you for posting at Dotnetfunda
[Administrator]


Posted by: Akiii on: 5/22/2012 [Member] Bronze | Points: 25

Sir, what URL do you need?
I couldn't understand, please explain it to me!


Thanks and Regards
Akiii


Posted by: Vuyiswamb on: 5/22/2012 [Member] [MVP] [Administrator] NotApplicable | Points: 25

If you want me to do web vulnerability testing on your web application, you must deploy it to your server and give me the URL to test the vulnerability on the site, and I will give you the report and how to fix them.

Thank you for posting at Dotnetfunda
[Administrator]


Posted by: Akiii on: 5/22/2012 [Member] Bronze | Points: 25

I understand Sir but I don't think this will not be allowed by my company. I personally don't have any blog or website Sir.

Thank you very much for your offer, but can you use a different site?



Thanks and Regards
Akiii


Posted by: Muhsinathk on: 6/14/2012 [Member] Bronze | Points: 25

Please refer to this link too:

http://www.codingforums.com/archive/index.php/t-39292.html


Posted by: Akiii on: 6/14/2012 [Member] Bronze | Points: 25

@Muhsinathk.......Thanks for the link !



Thanks and Regards
Akiii


Posted by: Muhsinathk on: 6/14/2012 [Member] Bronze | Points: 25

Welcome..


Posted by: Muhsinathk on: 6/14/2012 [Member] Bronze | Points: 25

Hope you understand it.
Mark as Answer if it's helpful to you...


Posted by: CGN007 on: 6/14/2012 [Member] Silver | Points: 25