BouncyLlama
31mo

Help with preventing XSS stored file vulnerability attack.

Hey people,

As a part of our info sec audit I wanted to know how I can prevent common vulnerability attacks like stored XSS via file upload and clickjacking.

XSS stored file vulnerability: where a bad entity can upload a script to the server and gain access/info. E.g.: we have an image upload feature and the bad entity could insert his/her script in an .svg file and upload it to the server. Now this malicious code can be executed in multiple ways.

Clickjacking: someone opens the website in an iFrame and overlays a transparent button or something. Now a user clicks on it without realising what he/she is clicking on; once clicked it could be anything that the bad entity could have placed: an API call, some file download, etc.

I need to protect my web app against these two vulnerabilities. Has anyone worked on them?

31mo ago
MagicalQuokka

Can you block iFrame usage altogether for your webapp? Use the X-Frame-Options header as well as a strict Content Security Policy.

MagicalQuokka

This is mainly for clickjacking but can help with XSS too.

BouncyLlama

Cool thanks, let me try this approach.
