Forum Discussion
Amine_Kadimi
MVP
I suggest you enable signature enforcement for server responses. In a lab environment it should be OK, but in production it might impact the performance of the app.
Daniel_Wolf
Feb 28, 2024 MVP
Yes, that's what I said. Signatures can be enforced also on responses.
- Nishal_Rai Mar 06, 2024 Cirrocumulus
Amine_Kadimi, Daniel_Wolf
Sorry for the late response.
Regarding signature enforcement on the responses, I selected the following signature set. The log events of the application:
On the file types specification of the response signatures: What would be the appropriate file types, since the script is stored on a message box?
Since the above-mentioned signature was unable to detect the stored XSS payload in the response.