Jump to content

Existing user? Sign In
Sign In

Remember me Not recommended on shared computers

Forgot your password?

Or sign in with one of these services

Linus Media Group is not associated with these services
Sign Up

Protecting site from XSS attacks

By Shammikit
April 12, 2018 in Programs, Apps and Websites

Share

Posted April 12, 2018

hello, i have setup a vulnerable website in Apache for testing different types of attacks. I have recognized it is vulnerable to XSS by scanning it using ZAP. I have also tried attacks to display alert messages and cookies by using the commands below by intercepting inputs using ZAP.

<script>alert('Hello world')</script>
<script>alert('document.cookie')</script>

Now i want to know how to prevent these attacks. I tried using the commands below in my httpd.conf file of Apache but im still able to carry out XSS attacks.

Header set X-XSS-Protection "1; mode=block"

Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure

are there any issues in these commands or should i be doing something else? Is there a specific place that i should put the above commands in httpd.conf file because i just placed them towards the bottom.

Thankyou

Link to comment

Share on other sites

Link to post

Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Share

Go to topic listing Programs, Apps and Websites

Featured Topics
- BOINC Pentathlon 2024
  
  leadeater · April 23
  
  132
Topics
- Ubiquiti Switch Options
  
  Phlozar · 9 minutes ago
  Posted in Networking
  
  0
- How would you place the fans for good airflow in this panorama case?
  
  Novinir · 33 minutes ago
  Posted in New Builds and Planning
  
  0
- Looking to do my first non prebuilt!
  
  Fellsting · 38 minutes ago
  Posted in New Builds and Planning
  
  0
- DLSS Not Working on Linux. NVIDIA Drivers installed
  
  TheRealBlarp · 44 minutes ago
  Posted in PC Gaming
  
  0
- PC loading slower
  
  Peregrine1 · 57 minutes ago
  Posted in Troubleshooting
  
  0
- I need advice with my upcoming new HomeServer. Can you help ?
  
  Tyraenel · 1 hour ago
  Posted in Servers, NAS, and Home Lab
  
  5
- Using a Samsung Odyssey G9 57' and a Samsung Ark together
  
  Technologyking · 1 hour ago
  Posted in Displays
  
  0
- Need help finding monitor
  
  Pove · 2 hours ago
  Posted in Displays
  
  0
- Nothing is working
  
  XxWOODSIExX · 2 hours ago
  Posted in Troubleshooting
  
  2
- Please rate my pcpartpicker
  
  Pove · 3 hours ago
  Posted in New Builds and Planning
  
  7
Join our Discord server

Get LTT merch

Support us on Floatplane

Support the forum
Latest From Linus Tech Tips:

I shouldn’t have kept the $1,000,000 computer
Latest From Tech Quickie:

This Guy BUILT His Own Graphics Card!
- Watch Now
- More Videos
Latest From TechLinked:

Microsoft, Give Up Already.
- Watch Now
- More Videos
Latest From GameLinked:

Roblox and Walmart... Are One
- Watch Now
- More Videos
Latest From ShortCircuit:

Dell Has Destroyed the XPS - Dell XPS 16 (2024)
- Watch Now
- More Videos
Latest From Mac Address:

Why did you buy an Apple Vision Pro?
- Watch Now
- More Videos
Latest From Channel Super Fun:

I Swapped the CEO's Assistant For a Day!
- Watch Now
- More Videos

×