Question

    Which of the following is an effective countermeasure

    against Cross-Site Scripting (XSS) attacks in a web application?
    A Disabling cookies for user authentication. Correct Answer Incorrect Answer
    B Implementing input validation and output encoding Correct Answer Incorrect Answer
    C Using symmetric key encryption for database queries Correct Answer Incorrect Answer
    D Restricting file uploads to PDF and image formats only Correct Answer Incorrect Answer
    E Enabling HTTP/2 protocol on the web server. Correct Answer Incorrect Answer

    Solution

    Detailed Explanation:Cross-Site Scripting (XSS) is a vulnerability where attackers inject malicious scripts into websites that are executed in the context of the user’s browser. The primary way to prevent XSS attacks is by implementing input validation to ensure that user-provided data does not contain malicious content and output encoding to neutralize special characters (e.g., <, >, &) before displaying them on web pages.

    • Input validation ensures that data conforms to expected formats (e.g., alphanumeric for usernames) and blocks inputs containing dangerous characters or scripts.
    • Output encoding modifies potentially harmful content so that it is treated as data rather than executable code. For example, encoding