CEH v9 Question of the Week: XSS Scripting

Which of the following is a countermeasure against XSS scripting?

A. Create an IP access list and restrict connections based on port number
B. Replace “<” and “>” characters with “&lt;” and “&gt;” using server scripts
C. Disable Javascript in IE and Firefox browsers
D. Connect to the server using HTTPS protocol instead of HTTP

Reveal Answer

The correct answer is B.

Escaping the “<” and “>” characters with HTML entity encoding is the best countermeasure to prevent switching into any execution context, such as script, style, or event handlers.

 

Related Course
Certified Ethical Hacker v9

CEH v9 Question of the Week Series

• CEH v9 Question of the Week: Retina Scanners
• CEH v9 Question of the Week: Employee Behavior
• CEH v9 Question of the Week: CVE-2007-2447
• CEH v9 Question of the Week: SQL Injection
• CEH v9 Question of the Week: Web Application Penetration Testing
• CEH v9 Question of the Week: iptables
• CEH v9 Question of the Week: Examine Streams of Packets
• CEH v9 Question of the Week: Scans
• CEH v9 Question of the Week: SQL Injection
• CEH v9 Question of the Week: Standard Risk Assessment
• CEH v9 Question of the Week: Penetration Testing
• CEH v9 Question of the Week: SMB Over TCP/IP
• CEH v9 Question of the Week: Block Cipher
• CEH v9 Question of the Week: Prevent Future DoS Attacks
• CEH v9 Question of the Week: Same MAC Address
• CEH v9 Question of the Week: XSS Scripting

from
CERTIVIEW