How to prevent Content Spoofing

The escaping of service HTML characters protects only from XSS, but does not protect against Content Spoofing attacks. The operation of Content Spoofing is possible due to the output of data coming from outside the GET and POST parameters, HTTP headers or or COOKIE, which can be forged by an attacker.

Sorry, but this is part of
Web-security course

Web-security course

  • Actual web attacks with examples
  • A wrong ways of preventing attacks
  • Security methods guaranties elimination of attacks
  • Quizzes for the material fixation

  Explore Cross-Site Script Inclusion →