When Themes are used on your Web site,they may cause security issues. Malicious themes can be used to:
1. You have to alter a control's behavior. So, it does not behave as expected.
2. For posing a cross-site scripting risk, you have to Inject client-side script.
3. Sensitive information hs to be exposed.
4. The mitigations for these common threats are:
5. Protect the global and application theme directories with proper access control settings. Only trusted users should be allowed to write files to the theme directories.
6. Do not use themes from an untrusted source. Always examine any themes from outside your organization for malicious code before using them on you Web site.
7. Do not expose the theme name in query data. Malicious users could use this information to use themes that are unknown to the developer and thereby expose sensitive information.
Asked In: Many Interviews |