Cross-Site Scripting (XSS)

s4s-uk (New member, Registered). Joined: Jun 4, 2014. Messages: 12. Points: 0.

XSS is the most common website vulnerability which can hack and leak sensitive information such as credit card and social security numbers. It is a code which enables the hacker to send malicious content to the end-user and collect data from the victim without any detection. According to Symantec, 84% of their documented vulnerabilities in 2007 were classified as XSS.

This type of scripting exploits the “same origin policy.” For example, if Website A has the permission to access information on the system then any content that is linked to Website A will also have the same permissions. If an attacker finds a way to infect the code of Website A, any information that Website A has access to (i.e. all the saved information in the browser of the user, ranging from saved passwords to cookies), the attacker will be able to download it onto his system as well.

In the past, websites like Twitter, Orkut, Facebook, YouTube, and MySpace have been affected by XSS scripting. This script can also be used to steal hidden personal data of users from servers of the compromised website.

It is recommended to have regular scanning of websites in order to make sure that you are not being attacked and that your users' security is not compromised.
 

NaturalWriter (Well-known member, Registered). Joined: May 24, 2014. Messages: 127. Points: 0.
> In the past, websites like Twitter, Orkut, Facebook, YouTube, and MySpace have been affected by XSS scripting. This script can also be used to steal hidden personal data of users from servers of the compromised website.
>
> It is recommended to have regular scanning of websites in order to make sure that you are not being attacked and that your users' security is not compromised.

For those who aren't familiar with the process, would you care to elaborate on the steps to go about doing this? What would you recommend, based on your experience, and why? Any other suggestions to avoid future issues?
 

s4s-uk (New member, Registered). Joined: Jun 4, 2014. Messages: 12. Points: 0.
Well, a programmer can install a Web application firewall (WAF), and secure their code to avoid coding exploits, because XSS normally targets code. Also secure your site from worms and malware; always scan your site for such kinds of things. It has a very bad impact if your site has those kinds of vulnerabilities.
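
An added example of what "securing the code" can look like for XSS; it is not part of any post in this thread. It shows a comment renderer that concatenates untrusted fields next to one that encodes each field for the context it lands in. The function names and the sample comment are hypothetical and constructed for illustration.

```javascript
// Added example: context-aware output encoding for untrusted data.
// All names here are hypothetical; the sample input is constructed.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode for HTML element content and for quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// HTML escaping alone does not make a link safe: a "javascript:" URL
// contains no characters that escapeHtml() would change.
// Allow only absolute http(s) URLs; anything else becomes an inert "#".
function safeHref(value) {
  try {
    const url = new URL(String(value));
    return (url.protocol === 'http:' || url.protocol === 'https:') ? url.href : '#';
  } catch {
    return '#'; // relative or unparseable input
  }
}

// BEFORE: untrusted fields are concatenated straight into markup,
// so any markup or script in them is interpreted by the browser.
function renderCommentUnsafe(c) {
  return `<p><a href="${c.site}">${c.author}</a>: ${c.text}</p>`;
}

// AFTER: the URL is scheme-checked, then every field is HTML-encoded.
function renderCommentSafe(c) {
  const href = escapeHtml(safeHref(c.site));
  return `<p><a href="${href}">${escapeHtml(c.author)}</a>: ${escapeHtml(c.text)}</p>`;
}

// Constructed sample: every field carries something a browser would act on.
const sample = {
  author: 'Mallory "M"',
  site: 'javascript:alert(1)',
  text: '<script>alert(1)</script>',
};

console.log('unsafe:', renderCommentUnsafe(sample));
console.log('safe:  ', renderCommentSafe(sample));
```

The safe version prints the submitted text as visible characters instead of letting the browser interpret it, and the link falls back to `#` because its scheme is not http(s).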
 

RobinYork (Member, Registered). Joined: Jun 1, 2014. Messages: 33. Points: 0.
There is no absolute security concerning XSS since people find new attack vectors every day. Sometimes XSS is even a browser bug you can't do anything about (except some workarounds).

To get an idea of the complexity, look at this (incomplete) XSS attack cheat sheet.

http://ha.ckers.org/xss.html

Guess you should make yourself an XSS expert or hire one to reach your goal.

Videos:
What is Cross-Site Scripting
What is Cross-site Scripting (XSS)
Cross Site Scripting (Reflected XSS) Demo
Defend Against Script Injection Attacks in ASP.NET

I will post some good tutorials next time about XSS and about protecting against XSS by a few friends.
 