Today, as I have been looking at the CF app logs, I have seen a lot of cross-site scripting attacks, mostly generated at our behest by a service that confirms our security.
However, we also have a tool to help prevent that, Microsoft's URLScan.
It is a very interesting tool to play with and to configure; however, it seems to be missing something, because cross-site scripting just comes right through.
I have played with using some regular expressions that can be put on each application's page, but it is a painful performance hit to force it to loop through each URL variable and validate and verify it.
Every day I look at my logs, especially in the morning, and I someday want there to be no errors there; of course that may not be a realistic wish. One can hope, can't they? :)
It was just a simple alert script, but it still kept popping up with its annoying message.
My attempt in CFML was to use regex to only allow certain URL variables, and if there are any bad URL variables, to do a cflocation with the new cleaned-up URL variables and values.
We may remotely end up doing that, but we'd rather not have to scan each page's URL variables for validity.
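As an added example (not code from the original post), here is one way to implement the allow-list-and-redirect approach described above in CFML; the variable names and the allowed-parameter patterns are assumptions for illustration, and running it once per request from Application.cfc's onRequestStart, rather than on each page, is also my choice rather than something the post specifies.

```cfml
<!--- Added example: allow-list URL variables and redirect to a cleaned URL.
      The allowed variables and their patterns below are assumed values. --->
<cfscript>
// Each allowed URL variable and the regex its value must match (assumed)
allowedUrlVars = structNew();
allowedUrlVars["id"]   = "^[0-9]{1,10}$";
allowedUrlVars["page"] = "^[A-Za-z0-9_-]{1,40}$";
allowedUrlVars["sort"] = "^(asc|desc)$";

// Returns the surviving variables plus a flag saying whether anything was dropped
function cleanUrlScope(urlScope, allowed) {
    var clean = structNew();
    var dirty = false;
    var key   = "";
    for (key in urlScope) {
        // Drop variables that are not on the allow-list at all
        if (NOT structKeyExists(allowed, key)) { dirty = true; continue; }
        // Drop variables whose value does not match its pattern
        if (NOT reFind(allowed[key], urlScope[key])) { dirty = true; continue; }
        clean[lCase(key)] = urlScope[key];
    }
    return { params = clean, dirty = dirty };
}

result = cleanUrlScope(url, allowedUrlVars);

// Rebuild the query string only from values that passed, URL-encoded
parts = arrayNew(1);
for (k in result.params) {
    arrayAppend(parts, k & "=" & urlEncodedFormat(result.params[k]));
}
target = cgi.script_name;
if (arrayLen(parts)) { target = target & "?" & arrayToList(parts, "&"); }
</cfscript>

<!--- Redirect once; the cleaned request passes the check, so no loop --->
<cfif result.dirty>
    <cflocation url="#target#" addtoken="no">
</cfif>
```

Because every surviving value already matched its pattern, the redirected request is accepted on the second pass, so a single bad parameter costs at most one extra round trip.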
What have the rest of you done to prevent this?
If I may be so bold, I want to thank all of you for the honor of providing some little tidbit that may be of use to you.