We recommend setting the default HTTP header like this:
Content-Type: text/html; charset=utf-8
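An added example, not from the original text, of how a developer or QA tester can verify that HTML responses actually carry the recommended header. Browsers that receive text/html without an explicit charset may sniff the encoding, and an encoding the application did not intend can change how the bytes are interpreted as markup, so the check below flags HTML responses with a missing or unexpected charset. The header dictionaries are constructed sample input; the function names are this example's own.

```python
"""Check HTTP response headers for an explicit charset on HTML content.

Added example, not from the original text. The sample headers below are
constructed; the recommended value from the text is
"text/html; charset=utf-8".
"""


def parse_content_type(value):
    """Split a Content-Type value into (media_type, {param: value}).

    Media type and parameter names/values are lower-cased so that
    'Text/HTML; Charset=UTF-8' compares equal to the recommended form.
    """
    parts = [p.strip() for p in value.split(";")]
    media_type = parts[0].lower()
    params = {}
    for p in parts[1:]:
        if "=" in p:
            k, v = p.split("=", 1)
            params[k.strip().lower()] = v.strip().strip('"').lower()
    return media_type, params


def check_html_charset(headers, expected="utf-8"):
    """Return a list of findings for one response's headers.

    headers: dict of header name -> value; lookup is case-insensitive.
    Non-HTML responses produce no findings, since the charset rule in the
    text applies to HTML.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    ct = lowered.get("content-type")
    if ct is None:
        return ["missing Content-Type header"]
    media_type, params = parse_content_type(ct)
    if media_type != "text/html":
        return []
    charset = params.get("charset")
    if charset is None:
        return ["text/html response without an explicit charset"]
    if charset != expected:
        return [f"charset is {charset!r}, expected {expected!r}"]
    return []


# Constructed sample responses (not captured from any real server)
SAMPLES = {
    "good": {"Content-Type": "text/html; charset=utf-8"},
    "no_charset": {"Content-Type": "text/html"},
    "wrong_charset": {"Content-Type": "text/html; charset=ISO-8859-1"},
    "json": {"content-type": "application/json"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(name, check_html_charset(hdrs) or "ok")
```

In practice the `headers` dict would come from the response object of whatever HTTP client the test suite already uses; the check itself needs only the header values.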
You should also add the following to all HTML responses:
TESTING FOR CROSS-SITE SCRIPTING
Now that you understand the basics of XSS, it is important to test your web applications to
verify their security. You can use a variety of methods to test for XSS in web applications.
The following section describes an automated method for testing for XSS using iSEC's
SecurityQA Toolbar. The SecurityQA Toolbar is a security testing tool for web application
security. It is often used by developers and QA testers to assess an application's security,
both for specific sections of an application and for the application as a whole.
Automated Testing with iSEC's SecurityQA Toolbar
The process of testing for XSS in web applications can be cumbersome and complex across
a large web application with many forms. To ensure that XSS gets the proper security
attention, iSEC Partners' SecurityQA Toolbar provides a feature to test input fields on a
per-page basis rather than scanning the entire web application. While per-page testing
may take a bit longer, it can produce strong results, since the testing focuses on each page
individually and in real time.