To prevent your websites from external attacks, there are three main ways:
1. Prevention at your end.
2. Use only trusted codes or DLL.
3. Scan your website in proper time intervals.
1. Prevention at your end: When you start to developed your website, firstly analyze all security features. And also analyze all ideas of Cross Site Scripting prevention.
- You can also use Data Validations that’s prevent external scripting to run on your database.
- The best way to prevent external script, you can use AntiXSS DLL in your project. It’s a Microsoft product, that's mainly designed for preventing Cross Site Scripting (XSS).
- In the current era, many malicious codes affect your website, that’s used for Url’s redirection and other suspicious activities. It's applied through your websites fields using scripting, SQL injection, XSS image exploitation, and such other things.
- Never leave your anchor tag href blank or using # instead of then. Replace all blank space and # from your anchor tag and replace with return void(0).
2. Use only trusted codes or DLL: During the development phase of your website, use only trusted line of codes, javascript CDN, CSS class files and DLL. If you are not sure about the line of code and other useful entities, trying to ignore them.
Trying to verify the complete project (website).
3. Scan your website in proper time internal: Ensure that you scan your complete website code using licensed and updated anti-virus.
I Hope It's Informative...