In a scenario where a user's session cookies are stolen via XSS, what security measures could have prevented this?

  • Cross-Site Request Forgery (CSRF) Token
  • Data Encryption
  • HttpOnly Cookies
  • Multi-Factor Authentication (MFA)
The use of HttpOnly cookies, which cannot be accessed by JavaScript, is the security measure that could have prevented the theft of session cookies via XSS. Restricting script access to the cookie mitigates the impact of XSS attacks on session data.