Solved

Protecting against cross site scripting

Posted on 2004-10-04
2
206 Views
Last Modified: 2013-11-16
Does WindowsXP sp2 have any protection against cross site scripting.  If not, what can I do to prevent it from happening to me?
0
Comment
Question by:tjwill
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 6

Accepted Solution

by:
knoxj81 earned 125 total points
ID: 12221145
To use cross site scripting, the user would have to exploit it. Being that your on the latest version of Windows XP, you are more secure than most. However, ALL-AROUND Security is important to prevent from future exploits and virus. To do this I would recommend the following programs to use with XP SP2. One of the best defenses against exploits, is research. Check out the programs and sites I list below, This will help get you on the right track in securing your system.

Antivirus:
Kaspersky Antivirus 5.0 (new version) http://www.kaspersky.com/personal
This program is the best by far. It updates every 3 hours, scans web browser scripts also.
I've tested many other virus scanners through the years and this is by far the best.

AVG is also a great virus scanner (more for home user) not to mention they have a wonderful FREE edition.
http://www.grisoft.com/us/us_dwnl_free.php

Firewall:
Sygate Personal Firewall Pro - Compared to ZoneAlarm or Nortons which both have tons of exploits to drop their service like a fly. Sygate is the choice for a software firewall.

Sygate has a home editon for free as well.  www.sygate.com

Spyware/Adware/Malware/Dataware:
AD-AWARE - www.lavasoftusa.com
If you can afford it by the PRO version, the extra feature AD-WATCH is well worth it for it monitors your registry and notifies you of any changes made allowing you to ALLOW or REJECT the request on the fly.

RegistryProt 2.0 - http://www.diamondcs.com.au/index.php?page=regprot
This is a free program to monitor all changes to registry. This is a must in security for you windows machine. Big help in eliminating spyware, Trojans, backdoors, etc..

BHO Demon - www.majorgeeks.com/download3550.html  (mirrored)
This is a must now-a-days if your running Internet Explorer! BHO is used in a lot of the recent IE exploits as well as keyloggers. Windows XP SP2 offers something along these lines, but why trust M$.

IDS ( Intrusion Detection System ): - snort.org
I was reading my Windows & .NET Magazine, and it has a great article on SNORT. Setting it up and everything. Page 51! Or you can buy the book SNORT 2.1 Second Edition. This program is absolutly promising, this is for extreme paranoid users & advanced users.

References:
http://isc.sans.org/index.php?off=diary -Everyday info on the latest exploits/virus/security issues.
http://eeye.com - perfect for advisories and the best security software.
www.majorgeeks.com - Every program a nerd could think of!!
www.sygate.com – Great Software firewall.
www.kaspersky.com – Best AV on the market.
www.lavasoftusa.com – Best spyware removal program.
http://www.grisoft.com – Wonderful FREE AV.

Let me know if you have any questions or need any further assistance.

Jorden
0
 
LVL 1

Expert Comment

by:vvksan
ID: 12223617
Here is a really good article on cross site scripting

http://msdn.microsoft.com/security/securecode/columns/default.aspx?pull=/library/en-us/dncode/html/secure07152002.asp

The best way to prevent cross site scripting is to perform strict validation on all inputs.



0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to security, close monitoring is a must. According to WhiteHat Security annual report, a substantial number of all web applications are vulnerable always. Monitis offers a new product - fully-featured Website security monitoring and pr…
Ready for our next Course of the Month? Here's what's on tap for June.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question