What are script injection attacks? - ASP.NET

What are script injection attacks?

Script injection attacks called Cross-site scripting (XSS) attacks exploit vulnerabilities in Web page validation by injecting client-side script code.

This code executes on the user’s browser after the browser downloads the script code from a trusted site and then the browser has no way of determining the legitimacy code.

What are script injection attacks?

Script injection attacks occur when an end user tries to fill in malicious code in the form or input fields of a form to access database or change it or destroy it. The malicious code tries to fool the application, that it was just another end user. The technique involves submitting contents wrapped in <script>, <object>, <applet>, <embed>, <frame>, <link> etc tags.

Request validation and validating the input provided by the end user are a solution to such attacks. One can use the following in the web.config for validating requests for all pages in the application.

<configuration>
   <appSettings/>
 <connectionStrings/>
 <system.web>
  <pages validateRequest="false"/>
 </system.web>
</configuration>
What is Authentication in ASP.NET?
What is Authentication in ASP.NET? - Authentication is the process of verifying user’s details..
Login controls vs Forms authentication - ASP.NET
ASP.NET Login controls vs Forms authentication - Login controls are part of ASP. Net’s UI controls collection which allows users to enter their...
What is Fragment Caching in ASP.NET?
ASP.NET - What is Fragment Caching in ASP.NET? - Fragment caching does not cache a WebForm, rather it allows for caching of individual...
Post your comment