Solved

How do I secure my website against XSS injection

Posted on 2012-04-03
1
244 Views
Last Modified: 2012-05-01
Hi Experts,
I have an ASP.Net website.  I want to secure against XSS injection and other threats.  How do I accomplish this?  Do I have to do something with the ValidateRequest attribute?

Thanks in advance,
mrotor
0
Comment
Question by:mainrotor
1 Comment
 
LVL 4

Accepted Solution

by:
xanandu earned 500 total points
ID: 37802359
In reality there are 2 ways to protect against XSS.

Option 1) have the code validated for security best practices. depending on the size of the codebase, this can be a very expensive option. As new vulnerabilities are released, you will have to check the code for the new troublesome code.

Option 2) put in a web application firewall. This is the option I went with. This is even a compensating control for having code verified in the process of becoming PCI compliant. There are a number of WAF appliances out there. I have tried a few, but i chose to use a FortiWeb as I was familiar with the FortiNet architecture at the time. This option is usually cheaper than having code security-validated, and will be much cheaper than having your code security-validated after your next major revision.

Your best bet is contact a security consulting firm and see what they recommend for your particular setup.
0

Featured Post

Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Developer portfolios can be a bit of an enigma—how do you present yourself to employers without burying them in lines of code?  A modern portfolio is more than just work samples, it’s also a statement of how you work.
There’s a good reason for why it’s called a homepage – it closely resembles that of a physical house and the only real difference is that it’s online. Your website’s homepage is where people come to visit you. It’s the family room of your website wh…
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question