
Help with preventing XSS stored file vulnerability attack.

Hey people, as a part of our info sec audit I wanted to know how I can prevent common vulnerability attacks like XSS stored file and clickjacking.

XSS stored file vulnerability: where a bad entity can upload a script to the server and gain access/info. E.g. we have an upload image feature and the bad entity could insert his/her script in a .svg file and upload it to the server. Now this malicious code can be executed in multiple ways.

Clickjacking: someone opens the website in an iFrame and overlays a transparent button or something. Now a user clicks on it without realising what he/she is clicking on; once clicked, it could be anything that the bad entity could have placed: an API call, some file download, etc.

I need to protect my web app against these two vulnerabilities. Has anyone worked on them?


AITookMyJob

Startup

a year ago
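
One way to cover both issues raised in the post, as an added example that is not part of the original thread: screen SVG uploads, serve stored files with headers that stop script execution, and forbid framing of the app's own pages. The function names and sample SVG strings are constructed for illustration; the header names and values are the standard ones.

```javascript
// Added example; function names and sample inputs are constructed.
const ALLOWED = { '.png': 'image/png', '.jpg': 'image/jpeg', '.gif': 'image/gif', '.svg': 'image/svg+xml' };

// Coarse upload-time screen for active SVG content. Pattern matching can be
// evaded by encoding tricks, so the response headers below stay the main control.
const ACTIVE_SVG = [
  /<script[\s>\/]/i,
  /\son[a-z]+\s*=/i,                 // inline event handlers (onload=, onclick=, ...)
  /href\s*=\s*["']?\s*javascript:/i, // also matches xlink:href
  /<(?:foreignObject|iframe|embed|object)[\s>\/]/i,
];

const extOf = (name) => (name.match(/\.[A-Za-z0-9]+$/) || [''])[0].toLowerCase();

function checkUpload(filename, text) {
  const type = ALLOWED[extOf(filename)];
  if (!type) return { ok: false, reason: 'extension not allowed' };
  if (type === 'image/svg+xml' && ACTIVE_SVG.some((re) => re.test(text))) {
    return { ok: false, reason: 'active content in SVG' };
  }
  return { ok: true, type };
}

// Headers for serving a stored upload: fixed type, no sniffing, no script,
// and SVG (or anything unknown) is downloaded instead of rendered.
function uploadHeaders(filename) {
  const ext = extOf(filename);
  const safeName = filename.split(/[\\/]/).pop().replace(/[^A-Za-z0-9._-]/g, '_');
  const mode = ext === '.svg' || !ALLOWED[ext] ? 'attachment' : 'inline';
  return {
    'Content-Type': ALLOWED[ext] || 'application/octet-stream',
    'X-Content-Type-Options': 'nosniff',
    'Content-Security-Policy': "default-src 'none'; style-src 'unsafe-inline'; sandbox",
    'Content-Disposition': `${mode}; filename="${safeName}"`,
  };
}

// Headers for the app's own pages: refuse to be rendered inside any frame.
function pageHeaders() {
  return { 'Content-Security-Policy': "frame-ancestors 'none'", 'X-Frame-Options': 'DENY' };
}

// Constructed samples: one SVG with an event handler, one plain.
const badSvg = '<svg xmlns="http://www.w3.org/2000/svg" onload="x()"><rect/></svg>';
const goodSvg = '<svg xmlns="http://www.w3.org/2000/svg"><rect width="4" height="4"/></svg>';
console.log(checkUpload('logo.svg', badSvg), checkUpload('logo.svg', goodSvg));
console.log(uploadHeaders('logo.svg'), pageHeaders());
```

Serving uploads from a separate origin that holds no session cookies limits the impact further if a file does get rendered.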



Slf4j

Fintech Startup

a year ago
