You have been tasked with securing a web application against XSS and CSRF attacks. What combination of security headers, practices, and designs would you use to mitigate the risk of these attacks?
1. Implement Content Security Policy (CSP) headers and use anti-CSRF tokens.
2. Disable browser same-origin policies for enhanced security.
3. Store sensitive data in cookies without encryption.
4. Allow inline scripts and styles for flexibility.
Option (1) is correct. Implementing Content Security Policy (CSP) headers and using anti-CSRF tokens are effective measures to mitigate XSS and CSRF attacks, respectively. Options (2) and (4) are insecure practices that would increase exposure to these attacks rather than reduce it. Option (3) is incorrect because sensitive data should be encrypted and otherwise protected, not stored in cookies in plain form.