How to prevent cross site cripting parameter manipulation attacks in jsp?
Joined: May 27, 2008
How could i prevent cross site scripting and parameter manipulation attacks in jsp?
how should i handle such a invalid input coming from the user? Will the SSL implementation prevent this kind of attacks?
Joined: Mar 22, 2005
Parameters passed in by the user need to be validated on the server. For example, if one of the parameter is a product ID, then the server needs to check the current user is allowed to access that product. Everything sent by the browser is potentially suspect.
SSL does nothing to prevent these classes of attacks.