ASP.NET MVC security Interview questions
- By Shiv Prasad Koirala in ASP.NET
- May 28th, 2015
- 21810
- 2
What is XSS ?
XSS (Cross site scripting) is a security attack where the attacker injects malicious code while doing data entry. This code can be a javascript , vbscript or any other scripting code. Once the code is injected in end user's browser. This code can run and gain access to cookies, sessions, local files and so on.
For instance below is a simple product data entry form. You can see in the product description how the attacker has injected a javascript code.
Once we click submit you can see the JavaScript code actually running.
How can we prevent the same in MVC ?
In MVC by default XSS attack is validated. So if any one tries to post javascript or HTML code he lands with the below error.
Download our 100 ASP.NET MVC interview question PDF from
http://www.codeproject.com/Articles/556995/ASP-NET-MVC-interview-questions-with-answers
Shiv Prasad Koirala
Visit us @ www.questpond.com or call us at 022-66752917... read more