  • Category: JavaScript

    How to validate url string to avoid phishing attacks

    Hi,

    I am using the window.showModalDialog function in my application's JavaScript file. I am passing the URL as a string to this function, and it was marked as a phishing attack vulnerability by a scanner. The recommendation provided is to validate the URL. How can I validate a URL string in JavaScript to avoid phishing attacks? My code looks like this:

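    // Read the field values (assumes "ID" and "Name" are input elements).
    var id = document.getElementById("ID").value;
    var eName = document.getElementById("Name").value;
    // The values are concatenated into the URL string without validation or encoding.
    var sUrl = "https://myhomepage.aspx?EmployeeId=" + id + "&Name=" + eName;
    window.showModalDialog(sUrl, "arguments", sfeatures);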
  • #763525
    Basically, the query string in a URL is the most important thing that always needs to be secure.
    To make it secure, you can encrypt and decrypt query string parameter values in ASP.NET.
    URL rewriting is also a good way to secure the query string. A tamper-proof query string is also one way to secure it: it first converts the query string to bytes and then uses the Base64String method to encrypt it.
    See the URLs below to learn more about it:
    http://www.codeproject.com/Articles/9512/Tamper-Proof-Query-String
    http://www.mytecbits.com/microsoft/dot-net/securing-query-string-in-net
    https://blog.httpwatch.com/2009/02/20/how-secure-are-query-strings-over-https/

    Thanks
    Koolprasd2003
    Editor, DotNetSpider MVM
    Microsoft MVP 2014 [ASP.NET/IIS]
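
One way to act on the scanner's "validate url" recommendation on the client side, as an added example that is not part of the original thread: validate each input against an allowlist, build the URL with the `URL` API so values are encoded, and confirm the result still points at the expected origin and page. The origin `https://intranet.example` and the function names are assumptions made for illustration.

```javascript
// Added example. ALLOWED_ORIGIN is a placeholder; use the application's real origin.
const ALLOWED_ORIGIN = "https://intranet.example";
const DIALOG_PATH = "/myhomepage.aspx";

// Accept a URL only if it is absolute, on the trusted origin, at the expected
// path, and carries no userinfo ("user@host" is a common lookalike trick).
function assertTrustedUrl(candidate) {
  let parsed;
  try {
    parsed = new URL(candidate);
  } catch {
    throw new Error("Not an absolute URL");
  }
  if (parsed.origin !== ALLOWED_ORIGIN || parsed.pathname !== DIALOG_PATH) {
    throw new Error("URL is outside the trusted origin or page");
  }
  if (parsed.username !== "" || parsed.password !== "") {
    throw new Error("URL must not contain credentials");
  }
  return parsed.href;
}

// Build the dialog URL from untrusted field values.
function buildDialogUrl(employeeId, name) {
  // Allowlist validation: reject unexpected input instead of trying to clean it.
  if (!/^[0-9]{1,10}$/.test(employeeId)) {
    throw new Error("EmployeeId must be 1-10 digits");
  }
  if (!/^\p{L}[\p{L} .'-]{0,63}$/u.test(name)) {
    throw new Error("Name contains unexpected characters");
  }
  const url = new URL(DIALOG_PATH, ALLOWED_ORIGIN);
  // searchParams.set percent-encodes the values, so "&", "#" or "=" in the
  // input cannot add parameters or change the destination.
  url.searchParams.set("EmployeeId", employeeId);
  url.searchParams.set("Name", name);
  return assertTrustedUrl(url.href);
}

// Usage in the page from the question:
// window.showModalDialog(buildDialogUrl(id, eName), "arguments", sfeatures);
```

Client-side checks like this reduce what the dialog can be pointed at, but the server must still validate `EmployeeId` and `Name` when it receives them.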

