PrepAway - Latest Free Exam Questions & Answers

(Choose two.)

The BEST methods for a web developer to prevent the website application code from being vulnerable to crosssite request forgery (XSRF) are to ____________. (Choose two.)

PrepAway - Latest Free Exam Questions & Answers

A.
permit redirection to Internet-facing web URLs.

B.
ensure all HTML tags are enclosed in angle brackets, e.g., ”<” and “>”.

C.
validate and filter input on the server side and client side.

D.
use a web proxy to pass website requests between the user and the application.

E.
restrict and sanitize use of special characters in input and URLs.

Explanation:
XSRF or cross-site request forgery applies to web applications and is an attack that exploits the web
application’s trust of a user who is known or is supposed to have been authenticated. This is often
accomplished without the user’s knowledge.
XSRF can be prevented by adding a randomization string (called a nonce) to each URL request and session
establishment and checking the client HTTP request header referrer for spoofing.


Leave a Reply