XSS-Vulnerability/EN: Difference between revisions

From Siwecos
Line 4: Line 4:
 
|'''Check'''|| {{:{{PAGENAME}}/Negative}}
 
|'''Check'''|| {{:{{PAGENAME}}/Negative}}
 
|-
 
|-
|'''Beschreibung'''||  {{:{{PAGENAME}}/Description}}
+
|'''Description'''||  {{:{{PAGENAME}}/Description}}
 
|-
 
|-
|'''Hintergrund'''||  {{:{{PAGENAME}}/Background}}
+
|'''Background'''||  {{:{{PAGENAME}}/Background}}
 
|-
 
|-
|'''Auswirkung'''||  {{:{{PAGENAME}}/Consequence}}
+
|'''Consequence'''||  {{:{{PAGENAME}}/Consequence}}
 
|-
 
|-
|'''Lösung / Tipps'''||  {{:{{PAGENAME}}/Solution_Tips}}
+
|'''Solution/Tips'''||  {{:{{PAGENAME}}/Solution_Tips}}
 
|}
 
|}
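Review bot: the row labels change from German to English, but every cell still transcludes {{:{{PAGENAME}}/Description}}, {{:{{PAGENAME}}/Background}}, {{:{{PAGENAME}}/Consequence}} and {{:{{PAGENAME}}/Solution_Tips}}, and PAGENAME resolves to the page being viewed; on XSS-Vulnerability/EN these point at the /EN subpages, so the English subpages must exist or the rows render as red links. The unchanged "Check" row is fine, since that label is already English.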
  
Line 16: Line 16:
 
[[Category:Siwecos-Scanner/EN]]
 
[[Category:Siwecos-Scanner/EN]]
 
{{:{{PAGENAME}}/Category}}
 
{{:{{PAGENAME}}/Category}}
[[Category:Glossar]]
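Review bot: [[Category:Glossar]] is added next to the language-specific [[Category:Siwecos-Scanner/EN]]; if the glossary category also has an /EN variant, the English page should use that one for consistency, otherwise an English page lands in the German glossary category.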
 

Revision as of 15 March 2019, 12:59

Check of the X-XSS-Protection header

Check: Cross-site scripting protection is not active or is configured incorrectly.

Description: The HTTP response header X-XSS-Protection controls the reflected-XSS filter built into some browsers. A default web-server installation does not send this header at all, which the scanner reports as a missing or incorrect configuration.

Background: This header switches on, and selects the mode of, the cross-site scripting (XSS) filter built into Internet Explorer 8+, Opera, Chrome and Safari. Those browsers enable the filter by default, so the header mainly serves to re-enable it where a user has turned it off and to request blocking mode instead of the default sanitising mode. Firefox never implemented such a filter and ignores the header. Note that Microsoft Edge retired its filter in 2018 and Chrome removed its XSS Auditor in version 78 (October 2019), so the header is a legacy measure; output encoding and a Content-Security-Policy are the primary defences.

Consequence: Blocks reflected XSS attacks in browsers that still implement the filter. Easy to deploy and requires no changes to the website's own code. It does nothing against stored or DOM-based XSS and is no substitute for fixing the underlying injection.

Solution/Tips: If the scanner reported that your website is probably not sufficiently protected against XSS attacks, send the header with the value

  X-XSS-Protection: 1; mode=block

Prefer mode=block over a bare 1: in sanitising mode the browser rewrites the page instead of refusing to render it, and that rewriting has itself been turned into an attack vector, whereas mode=block stops rendering as soon as a reflection is detected.

Code example of an .htaccess file on an Apache web server (requires mod_headers to be loaded):

  # Turn on the browser XSS filter in blocking mode. The filter is on by
  # default in IE and Chrome; this header re-enables it and selects block mode.
  # "always" also applies the header to error responses (4xx/5xx), which a
  # plain "Header set" would leave uncovered.
  <IfModule mod_headers.c>
    Header always set X-XSS-Protection "1; mode=block"
  </IfModule>

A complete .htaccess example that turns the Header Scanner result green is linked here: (.htaccess example)
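The check described above, implemented offline in Python as an added example (this is the editor's illustration, not the Siwecos scanner's own code): it parses a raw HTTP response head, reads X-XSS-Protection and scores it. The scoring rules are assumptions modelled on the page's check: a missing, duplicated or unparseable header fails; `1; mode=block` passes; a bare `1` warns because sanitising mode is weaker; `0` warns unless a Content-Security-Policy header is also sent. The sample responses are constructed, not captured from a real site.

```python
"""Offline check of the X-XSS-Protection response header.

Added example, not Siwecos scanner code. The scoring rules are the editor's
assumptions, modelled on the page's check (missing or misconfigured header is
a finding) plus the usual practitioner caveats.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Verdict:
    status: str  # "pass", "warn" or "fail"
    reason: str


def parse_headers(raw: bytes) -> Tuple[str, Dict[str, List[str]]]:
    """Split a raw HTTP/1.x response into (status line, {lower-name: [values]}).

    Only the head is parsed; the body is ignored. Repeated headers are kept as
    a list because a duplicated X-XSS-Protection header is itself a finding.
    """
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    status_line: str = lines[0]
    headers: Dict[str, List[str]] = {}
    for line in lines[1:]:
        if ":" not in line:
            continue  # tolerate junk lines rather than abort the check
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status_line, headers


def parse_xss_protection(value: str) -> Tuple[Optional[str], Dict[str, str]]:
    """Parse '1; mode=block; report=/r' into ('1', {'mode': 'block', 'report': '/r'}).

    The first token is the on/off flag, the rest are key=value directives
    (keys and values lower-cased). Returns (None, {}) if the flag is not 0 or 1.
    """
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts or parts[0] not in ("0", "1"):
        return None, {}
    directives: Dict[str, str] = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        directives[key.strip().lower()] = val.strip().lower()
    return parts[0], directives


def evaluate(headers: Dict[str, List[str]]) -> Verdict:
    """Apply the (assumed) scoring rules to a parsed header dictionary."""
    values = headers.get("x-xss-protection", [])
    if not values:
        return Verdict("fail", "X-XSS-Protection header not set")
    if len(values) > 1:
        return Verdict("fail", f"header sent {len(values)} times; browsers may honour either value")
    flag, directives = parse_xss_protection(values[0])
    if flag is None:
        return Verdict("fail", f"unparseable value {values[0]!r}")
    if flag == "0":
        if "content-security-policy" in headers:
            return Verdict("pass", "filter disabled but a Content-Security-Policy is present")
        return Verdict("warn", "filter disabled (0) and no Content-Security-Policy to replace it")
    if directives.get("mode") == "block":
        return Verdict("pass", "filter enabled in blocking mode")
    return Verdict("warn", "filter enabled without mode=block; sanitising mode can be abused")


def check_response(raw: bytes) -> Verdict:
    """Convenience wrapper: raw response bytes in, verdict out."""
    _, headers = parse_headers(raw)
    return evaluate(headers)


# Constructed sample responses (not captured from any real site).
SAMPLES = {
    "apache_default": b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>",
    "htaccess_fixed": (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                       b"X-XSS-Protection: 1; mode=block\r\n\r\n<html>"),
    "filter_only": b"HTTP/1.1 200 OK\r\nX-XSS-Protection: 1\r\n\r\n",
    "disabled_with_csp": (b"HTTP/1.1 200 OK\r\nX-XSS-Protection: 0\r\n"
                          b"Content-Security-Policy: default-src 'self'\r\n\r\n"),
    "garbage": b"HTTP/1.1 200 OK\r\nX-XSS-Protection: on\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        v = check_response(raw)
        print(f"{name:18} {v.status:5} {v.reason}")
```

To run it against a live server, feed `check_response` the bytes of a real response head (for example the output of `curl -sI` re-joined with CRLF); the parser deliberately ignores the body, since only the header matters for this check.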