Solved

How do I secure my website against XSS injection

Posted on 2012-04-03
1
242 Views
Last Modified: 2012-05-01
Hi Experts,
I have an ASP.Net website.  I want to secure against XSS injection and other threats.  How do I accomplish this?  Do I have to do something with the ValidateRequest attribute?

Thanks in advance,
mrotor
0
Comment
Question by:mainrotor
1 Comment
 
LVL 4

Accepted Solution

by:
xanandu earned 500 total points
ID: 37802359
In reality there are 2 ways to protect against XSS.

Option 1) have the code validated for security best practices. depending on the size of the codebase, this can be a very expensive option. As new vulnerabilities are released, you will have to check the code for the new troublesome code.

Option 2) put in a web application firewall. This is the option I went with. This is even a compensating control for having code verified in the process of becoming PCI compliant. There are a number of WAF appliances out there. I have tried a few, but i chose to use a FortiWeb as I was familiar with the FortiNet architecture at the time. This option is usually cheaper than having code security-validated, and will be much cheaper than having your code security-validated after your next major revision.

Your best bet is contact a security consulting firm and see what they recommend for your particular setup.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

"In order to have an organized way for empathy mapping, we rely on a psychological model and trying to model it in a simple way, so we will split the board to three section for each persona and a scenario and try to see what those personas would Do,…
Boost your ability to deliver ambitious and competitive web apps by choosing the right JavaScript framework to best suit your project’s needs.
Viewers will get an overview of the benefits and risks of using Bitcoin to accept payments. What Bitcoin is: Legality: Risks: Benefits: Which businesses are best suited?: Other things you should know: How to get started:
The viewer will receive an overview of the basics of CSS showing inline styles. In the head tags set up your style tags: (CODE) Reference the nav tag and set your properties.: (CODE) Set the reference for the UL element and styles for it to ensu…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now