[研究] X-XSS Protection

[研究] X-XSS Protection

2017-06-24

<add name="X-XSS-Protection" value="1; mode=block" />

Controlling the XSS Filter
https://blogs.msdn.microsoft.com/ieinternals/2011/01/31/controlling-the-xss-filter/

IE8 Security Part IV: The XSS Filter
https://blogs.msdn.microsoft.com/ie/2008/07/02/ie8-security-part-iv-the-xss-filter/

利用瀏覽器XSS跨站攻擊腳本篩選過濾特性(X-XSS-Protection)
http://doc.5lsoft.com/help/content.aspx?itemno=000067&_rnd=635900856594128005

IBM AppScan 安全漏洞問題修復（.net）
http://www.cnblogs.com/anngeiBKY/p/4952269.html

網站程式開發的注意事項，關於資訊安全與修補方式....陸續補充 (ASP.Net)
http://sweeteason.pixnet.net/blog/post/41779906-%E7%B6%B2%E7%AB%99%E7%A8%8B%E5%BC%8F%E9%96%8B%E7%99%BC%E7%9A%84%E6%B3%A8%E6%84%8F%E4%BA%8B%E9%A0%85%EF%BC%8C%E9%97%9C%E6%96%BC%E8%B3%87%E8%A8%8A%E5%AE%89%E5%85%A8%E8%88%87%E4%BF%AE

Config your IIS server to use the “Content-Security-Policy” header
https://stackoverflow.com/questions/37992225/config-your-iis-server-to-use-the-content-security-policy-header

X-XSS-Protection – Preventing Cross-Site Scripting Attacks

https://www.keycdn.com/blog/x-xss-protection/

(待續)


相關

[研究] Microsoft Anti-XSS Library V4.3 (Anti-Cross Site Scripting Library)
https://shaurong.blogspot.com/2017/06/microsoft-anti-xss-library-v43-anti.html

[研究][ASP.NET] 用了 AntiXssEncoder.HtmlEncoder 仍被 Fortify SCA v17.20 說有問題
https://shaurong.blogspot.com/2018/04/aspnet-antixssencoderhtmlencoder.html

[研究] [ASP.NET] DropDownList1 的 Cross-site scripting (XSS) (Reflected XSS) 修正
https://shaurong.blogspot.com/2017/09/aspnet-dropdownlist1-cross-site.html

[研究] [ASP.NET] Cross-Site Scripting(XSS) 防範，白名單輸入驗證
https://shaurong.blogspot.com/2019/06/aspnet-cross-site-scriptingxss.html

[研究] X-XSS Protection
https://shaurong.blogspot.com/2017/06/x-xss-protection.html