Client Input Filtering Practices

Client input filtering is needed to prevent specific attacks.

Cross Site Scripting (XSS)

Cross-site scripting vulnerabilities allow malicious attackers to take advantage of web server scripts written in languages such as PHP, ASP, .NET, Perl or Java that do not adequately filter data sent along with page requests to inject JavaScript or HTML code that is executed on the client-side browser. These flaws occur anywhere a web application uses input from a user in the output it generates without validating it. Any type of variable that comes from a user or comes from a place where you do not control needs to... ...

Web Security Standard

Web Security Standard

The Web Standard provides measures to prevent, detect, and correct compromises on web servers that host RIT Confidential information or use RIT Authentication services. The standard includes configuration and documentation requirements.

Documented Standard

  • Current Web Security Standard (supersedes previous version, comply by 1/23/15)
  • 11/11/13 Web Standard PDF (effective through 1/22/15)
  • NOTE: As of 12/5/2014, SSL is no longer considered to be secure.

When am I required to follow the standard?

  • If you own, administer, or maintain
  • ... ...