CompTIA CASP+ (CAS-003) — Question 234

A developer has executed code for a website that allows users to search for employees' phone numbers by last name. The query string sent by the browser is as follows: http://www.companywebsite.com/search.php?q=SMITH
The developer has implemented a well-known JavaScript sanitization library and stored procedures, but a penetration test shows the website is vulnerable to XSS.
Which of the following should the developer implement NEXT to prevent XSS? (Choose two.)

Answer options

• A. Sanitization library
• B. Secure cookies
• C. TLS encryption
• D. Input serialization
• E. Output encoding
• F. PUT form submission

Correct answer: A, E

Explanation

To effectively prevent XSS vulnerabilities, the developer should implement both a sanitization library and output encoding. While the sanitization library helps clean input, output encoding ensures that data is safely displayed in the browser, preventing the execution of malicious scripts. The other options, such as secure cookies and TLS encryption, address different security concerns and do not directly mitigate XSS risks.