Hi,
The risk management team has detected XSS in our web application. Category : The script can be injected in the URL as queryString. The application is developed in VS 2008, Windows server 2003 and 2008, IIS 6.0 and having SSL V3 installed in web server. I was looking for an option where MITM attack can be mitigated with the minimun code change / no code change. I found the solution with the 1) patch RFC 5746. Is this patch SSL 3.0 compatible? Also, instead of this RFC, I also found 2) MS kb/977377. I would like to know what are all the IMPACT of disabling ssl renegotiation in iis using these 2 ways.
As mentioned, I wanted to do the minimum code change. Hence not considering validating input by sanitization.
Also, is AntiXSSLibrary.DLL.Microsoft Anti-Cross site scripting library is compatible to VS 2008? If yes, where can I found the relevant code.
You can also suggest me with any other solution.
With warm regards...