I've seen a lot of info on OWASP and around the web that talk about how to avoid/prevent XSS attacks. However, I have yet to find anything that mentions how to respond when an XSS attack has been detected.
What HTTP Status Code should be returned (i.e 400, 403...)? Should you provide an error message on the screen or on console.log? Redirect them to another page?
Aucun commentaire:
Enregistrer un commentaire