Web applications (such as SIF Agents and Zone Integration Servers) that send and receive data have the potential for being attacked using a method called cross-site scripting(or XSS). XSS enables its attackers to embed scripts into the receive pages of the web application and causes unwanted actions to occur in the sending application (or computer). In the recent past, these breaches accounted for more than 80% of all security vulnerabilities.
To avoid such attacks, sending applications (SIF Agents in our case) should follow these guidelines when preparing the data to be sent in their POST strings:
In Microsoft .NET 4.0 (which the ZIS uses), Microsoft added a layer of protection which guards against XSS attacks. After IIS receives an incoming message and before .NET processes an application's BeginRequest event, it checks for any of the signs that would indicate a cross-site scripting attack. If it finds any, it logs an event in the system error log and discards the message.
From the ZIS's perspective, it never receives the inbound message.