Solved

How do I secure my website against XSS injection

Posted on 2012-04-03
1
245 Views
Last Modified: 2012-05-01
Hi Experts,
I have an ASP.Net website.  I want to secure against XSS injection and other threats.  How do I accomplish this?  Do I have to do something with the ValidateRequest attribute?

Thanks in advance,
mrotor
0
Comment
Question by:mainrotor
1 Comment
 
LVL 4

Accepted Solution

by:
xanandu earned 500 total points
ID: 37802359
In reality there are 2 ways to protect against XSS.

Option 1) have the code validated for security best practices. depending on the size of the codebase, this can be a very expensive option. As new vulnerabilities are released, you will have to check the code for the new troublesome code.

Option 2) put in a web application firewall. This is the option I went with. This is even a compensating control for having code verified in the process of becoming PCI compliant. There are a number of WAF appliances out there. I have tried a few, but i chose to use a FortiWeb as I was familiar with the FortiNet architecture at the time. This option is usually cheaper than having code security-validated, and will be much cheaper than having your code security-validated after your next major revision.

Your best bet is contact a security consulting firm and see what they recommend for your particular setup.
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Any business that wants to seriously grow needs to keep the needs and desires of an international audience of their websites in mind. Making a website friendly to international users isn’t prohibitively expensive and can provide an incredible return…
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question