Sarah, a web security analyst, receives a report that a certain page on the company's website is vulnerable to an XSS attack. She decides to implement a Content Security Policy (CSP). Which of the following directives should she prioritize to mitigate this specific threat?
- font-src
- img-src
- media-src
- script-src
To mitigate the threat of XSS (Cross-Site Scripting) attacks, Sarah should prioritize the script-src directive when implementing a CSP. This directive controls which scripts are allowed to execute on a web page; by restricting it, she can mitigate the risk of malicious script execution.