XSS protection php header? .htaccess? other?
by constantinewine - 11-25-2018, 12:30 AM
I have tried the header and .htaccess methods, but it still shows that it is vulnerable in several of the pentests
Maybe , link site you are trying so we can add some info
Can you elaborate a bit more? Is this on a specific web application?

Keep in mind that the best way to protect against XSS is through good programming practices in general - adding one line to the top of a PHP file isn't going to save you if the app is vulnerable due to issues elsewhere.

Would be helpful if you could give some more information.
I started by putting csrf-tokens in the application, but I do not feel very secure yet. Even putting the backend locks together. On some pages, even with that, it still shows me the alerts

Possibly Related Threads…
Thread Author Replies Views Last Post
BlackNET - MultiOS BotNET with PHP Panel teamkelvinsecteam 0 284 02-15-2019, 02:04 PM
Last Post: teamkelvinsecteam
FOXSS - Simple XSS Penetration Testing Tool For Newbies akalanka 6 1,146 08-07-2018, 04:07 AM
Last Post: blad3

 Users browsing this thread: 1 Guest(s)