XSS - Cross-site scripting

Cross-site scripting (XSS) is a computer security vulnerability found in web applications in which an attacker injects malicious code into a website or web application. An attacker carrying out an XSS attack gains the ability to see and do everything that the user does, including access to passwords, payment and financial information, and more. However, neither the user nor the application being attacked is aware of the attack.

Cross-site scripting can be classified into three major categories:

  • Stored XSS (Persistent XSS)

  • Reflected XSS

  • DOM (Document Object Model)-based XSS

XSS attackers trick an application into sending malicious scripts through the browser. Each time a user accesses the affected page, their browser downloads and runs the malicious script as if it were part of the page. Through XSS, an attacker does not target a victim directly; instead, they exploit the vulnerable web application that the user uses. They use it as a vehicle to deliver malware, phish for credentials and more in the victim’s browser. Social-networking sites like Twitter, Facebook, MySpace, YouTube, and Orkut are some of the prominent sites affected in the past.

However, there are ways to prevent XSS attacks at an early stage, such as:

  • Escaping: Ensuring the data an application has received is secure before rendering it to the end user. Escaping user input prevents the data received by a web page from being interpreted in any malicious way.

  • Validating Input: Ensuring that the input provided to an application is not malicious data, and preventing it from doing harm to the site, database, and users. It helps to reduce the effects of an attack.

  • Sanitizing: User input is scrubbed clean of potentially harmful markup, changing improper user input to an acceptable format.
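
The three controls above applied to one rendered comment, as an added example that is not part of the original page. All function names, the username rule and the sample input are assumptions made for illustration; sanitizing is shown for a link field only, and scrubbing rich HTML markup is better left to a vetted sanitizer library.

```javascript
// Added example: constructed names and inputs, not from the original page.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escaping: neutralise HTML metacharacters at output time so the browser
// treats the value as text, in element and quoted-attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Validating: allow-list check; reject anything outside the expected shape
// (assumed rule: 3-20 letters, digits or underscores).
function isValidUsername(name) {
  return typeof name === "string" && /^[A-Za-z0-9_]{3,20}$/.test(name);
}

// Sanitizing: change a user-supplied link into an acceptable format.
// Only absolute http(s) URLs survive; anything else becomes "#".
function sanitizeUrl(raw) {
  try {
    const url = new URL(String(raw).trim());
    return url.protocol === "http:" || url.protocol === "https:" ? url.href : "#";
  } catch {
    return "#"; // not parseable as an absolute URL
  }
}

// Render one comment using all three controls together.
function renderComment({ user, text, link }) {
  if (!isValidUsername(user)) throw new Error("invalid username");
  const href = escapeHtml(sanitizeUrl(link));
  return `<p><b>${escapeHtml(user)}</b>: ${escapeHtml(text)} <a href="${href}">link</a></p>`;
}

// Constructed sample input: markup in the text field, script-scheme link.
const sample = { user: "alice_01", text: "<script>alert(1)</script>", link: "javascript:alert(1)" };
console.log(renderComment(sample));
```

Escaping is tied to the output context: this helper covers HTML element content and quoted attributes, not values placed inside a script block, CSS, or an unquoted attribute.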
