Multiple choice technology security

Which of the following are countermeasures for XSS 1. Releasing Resources after use 2. Input Validation 3. Running with least privilege 4. URL based access control 5. Output Encoding

  1. 1 AND 4

  2. 2 AND 4

  3. 1 AND 5

  4. 2 AND 5

  5. 1 AND 2 AND 4

  6. 1 AND 2 AND 5

Reveal answer Fill a bubble to check yourself
D Correct answer
Explanation

XSS prevention requires two complementary approaches: Input Validation (whitelist allowed characters/patterns) and Output Encoding (escape dynamic output based on context). These neutralize malicious scripts. Releasing resources, least privilege, and URL access control address different security concerns (resource leaks, privilege escalation, authorization).

AI explanation

Input Validation (2) and Output Encoding (5) are the correct XSS countermeasures. XSS occurs when untrusted input is rendered as executable script/HTML in a browser; validating input (rejecting/sanitizing dangerous characters) and encoding output (escaping <, >, quotes, etc. before rendering) are the two primary OWASP-recommended defenses. Releasing resources after use (1) addresses resource leaks/DoS, not injection. Least privilege (3) limits damage from compromise generally but doesn't prevent script injection. URL-based access control (4) is an authorization mechanism, unrelated to sanitizing rendered content. So only the '2 AND 5' combination is correct.