Software Engineer

curiouswebster

<div>
thanks for the detailed answer(s)
</div>


<div>
<div class="content wysiwyg-content">
How does ASP.NET – &quot;SameSite Cookie&quot; block XSS attacks?<br />
<br />
Please give me a quick view under the covers how this .NET Framework Version 4.7.2 feature helps stop XSS attacks.<br />
<br />
And how is it that an MVC site did not have this exposure with earlier versions of .NET Framework?<br />
<br />
Thanks
</div>
</div>


How does ASP.NET – "SameSite Cookie" block XSS attacks?

Please give me a quick view under the covers how this .NET Framework Version 4.7.2 feature helps stop XSS attacks.

And how is it that an MVC site did not have this exposure with earlier versions of .NET Framework?

Thanks

How does ASP.NET – &quot;SameSite Cookie&quot; block XSS attacks?

The successor to Active Server Pages, ASP.NET websites utilize the .NET framework to produce dynamic, data and content-driven web applications and services. ASP.NET code can be written using any .NET supported language. As of 2009, ASP.NET can also apply the Model-View-Controller (MVC) pattern to web applications

ASP.NET

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.

Vulnerabilities

The .NET Framework is not specific to any one programming language; rather, it includes a library of functions that allows developers to rapidly build applications. Several supported languages include C#, VB.NET, C++ or ASP.NET.

.NET Programming

Most development for the Microsoft platform is done utilizing the technologies supported by the.NET framework. Other development is done using Visual Basic for Applications (VBA) for programs like Access, Excel, Word and Outlook, with PowerShell for scripting, or with SQL for large databases.

Microsoft Development

C# is an object-oriented programming language created in conjunction with Microsoft’s .NET framework. Compilation is usually done into the Microsoft Intermediate Language (MSIL), which is then JIT-compiled to native code (and cached) during execution in the Common Language Runtime (CLR).

How does ASP.NET – &quot;SameSite Cookie&quot; block XSS attacks?

How does ASP.NET – "SameSite Cookie" block XSS attacks?