Understanding Cross Site Scripting

6 Questions | Total Attempts: 360


How well do YOU know XSS and how to defend against it? Let's give that a test!


Questions and Answers
  • 1. What defense will best help stop Cross Site Scripting (XSS)?
    • A. Input Validation
    • B. Output Encoding
    • C. Cryptographic Tokens
    • D. Rate Throttling

  • 2. For which input validation needs are regular expressions not enough?
    • A. File upload input
    • B. Validating a username
    • C. HTML Sanitization
    • D. Validating untrusted JSON
    • E. Validating a user's age

  • 3. Which JavaScript functions are so dangerous that they will automatically execute untrusted data as JavaScript code?
    • A. InnerHTML()
    • B. Eval()
    • C. Alert()
    • D. SetTimeout()
    • E. Text()
    • F. All of the above

  • 4. What is the best way to parse JSON in the browser?
    • A. JSON parsing plugin
    • B. JavaScript: JSON.parse
    • C. JavaScript: eval()
    • D. JavaScript: innerHTML()
    • E. Server-side outbound JSON validation

  • 5. What is the best design for input validation?
    • A. Detecting attacks and rejecting them.
    • B. Setting a policy for good input and rejecting everything else.
    • C. Setting a policy for bad input and logging them.
    • D. None of the above

  • 6. Which of the following policies help stop cross-site scripting?
    • A. Content Transport Policy
    • B. Strict Content Policy
    • C. Content Security Policy
    • D. Content Policy Security