I have already developed a web application in ASP.NET C#. We also set validateRequest to true; this validates scripts and HTML tags (<script>, <p>) to prevent them from being injected. But using Burp Suite we can insert data like "%uFF1Cscript%uFF1Ealert%28%u2018XSS%u2019%29%3B%uFF1C/script%uFF1E". How can we validate these types of attack with some global-level setting?
We tried the following in web.config:
<globalization requestEncoding="utf-8"/>
<add name="X-Xss-Protection" value="1; mode=block" />
<add name="X-Content-Type-Options" value="nosniff" />
<add name="Content-Security-Policy" value="default-src 'self' , 'unsafe inline' etc...;" />
<add name="X-Frame-Options" value="SAMEORIGIN" />
<add name="Strict-Transport-Security" value="max-age=31536000; includeSubDomains"/>
This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
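An added example, not part of the original question: the payload above decodes to fullwidth characters (U+FF1C, U+FF1E), not ASCII angle brackets, so a check that looks for "<" does not see markup. The sketch below folds the value with NFKC normalization before checking it and before HTML-encoding it for output. The class and helper names are hypothetical, and it assumes a reference to System.Web for HttpUtility.

```csharp
using System;
using System.Text;
using System.Web; // HttpUtility (System.Web in ASP.NET on .NET Framework)

static class FullWidthInputDemo
{
    // Fold compatibility characters to their ASCII equivalents, as a later
    // layer might do (assumption). NFKC maps U+FF1C to '<' and U+FF1E to '>'.
    static string Fold(string value) => value.Normalize(NormalizationForm.FormKC);

    // Hypothetical helper: true when the value contains angle brackets,
    // either directly or only after compatibility folding.
    static bool ContainsMarkupAfterFolding(string value)
    {
        string folded = Fold(value);
        return folded.IndexOf('<') >= 0 || folded.IndexOf('>') >= 0;
    }

    // Hypothetical helper: fold first, then HTML-encode at the point of output,
    // so the encoder sees the same characters a downstream consumer would.
    static string EncodeForHtml(string value) => HttpUtility.HtmlEncode(Fold(value));

    static void Main()
    {
        // The payload quoted in the question, as sent on the wire.
        string wire = "%uFF1Cscript%uFF1Ealert%28%u2018XSS%u2019%29%3B%uFF1C/script%uFF1E";

        // HttpUtility.UrlDecode understands the non-standard %uXXXX escapes.
        string decoded = HttpUtility.UrlDecode(wire);

        Console.OutputEncoding = Encoding.UTF8;
        Console.WriteLine("decoded:            " + decoded);
        Console.WriteLine("contains ASCII '<': " + (decoded.IndexOf('<') >= 0));
        Console.WriteLine("markup after fold:  " + ContainsMarkupAfterFolding(decoded));
        Console.WriteLine("encoded for output: " + EncodeForHtml(decoded));
    }
}
```

The response headers listed in the question act in the browser after the page is served; they do not inspect or change the request value, so a check like this belongs where input is accepted and where it is written into HTML.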