Certified Information Systems Auditor (CISA) — Question 101

Cross-site scripting (XSS) attacks are BEST prevented through:

Answer options

• A. secure coding practices.
• B. use of common industry frameworks.
• C. a three-tier web architecture.
• D. application firewall policy settings.

Correct answer: A

Explanation

The best defense against XSS attacks is secure coding practices, as they ensure that inputs are properly validated and sanitized. While industry frameworks and web architecture can help, they do not specifically address the vulnerabilities that arise from improper coding. Application firewall policy settings can provide some level of protection, but they are not foolproof against XSS if the code itself is vulnerable.