Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
XSS protection php header? .htaccess? other?
#1
I have tried the header and .htaccess methods, but it still shows that it is vulnerable in several of the pentests
Reply
#2
Maybe , link site you are trying so we can add some info
Reply
#3
Can you elaborate a bit more? Is this on a specific web application?

Keep in mind that the best way to protect against XSS is through good programming practices in general - adding one line to the top of a PHP file isn't going to save you if the app is vulnerable due to issues elsewhere.

Would be helpful if you could give some more information.
Reply
#4
I started by putting csrf-tokens in the application, but I do not feel very secure yet. Even putting the backend locks together. On some pages, even with that, it still shows me the alerts
Reply
 


Possibly Related Threads...
Thread Author Replies Views Last Post
Wink FOXSS - Simple XSS Penetration Testing Tool For Newbies akalanka 6 990 08-07-2018, 04:07 AM
Last Post: blad3



Users browsing this thread: 1 Guest(s)