XSS - Cross-site scripting
Cross-site scripting (XSS) is a computer security vulnerability found in web applications in which an attacker injects malicious code into a website or web application, where it is executed. An attacker carrying out an XSS attack gains the ability to see and do everything that the user does, including access to passwords, payment details, financial information, and more. However, neither the user nor the application being attacked is aware of the attack.
Stored XSS (Persistent XSS)
DOM (Document Object Model)-based XSS
XSS attackers trick an application into sending malicious scripts to the user's browser. Each time a user accesses the affected page, their browser will download and run the malicious script as if it were part of the page. Through XSS, an attacker does not target a victim directly; instead, they exploit the vulnerable web application that the user uses. They use it as a vehicle to deliver malware, phish for credentials, and more in the victim’s browser. Social-networking sites like Twitter, Facebook, MySpace, YouTube, and Orkut are some of the prominent sites affected in the past.
However, there are ways to prevent these XSS attacks at an early stage, such as:
Escaping: Ensuring the data an application receives is made safe before it is rendered to the end user. By escaping user input, the data received by a web page is prevented from being interpreted in any malicious way.
Validating Input: Ensuring that the input provided to an application is not malicious data and preventing it from doing harm to the site, database, and users. It helps to reduce the effects of an attack.
Sanitizing: The user input is sanitized by scrubbing the data clean of possibly harmful markup and changing improper user input to an acceptable format.
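The three measures above applied to a single user comment, as an added example that is not part of the original page. The function names, the username rule, and the sample values are assumptions made for illustration.

```javascript
// Escaping: encode the characters that are significant in HTML so the
// browser displays user data as text instead of parsing it as markup.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Validating: accept only input that matches an allowlist pattern
// (hypothetical rule: 3-20 letters, digits or underscores).
function isValidUsername(value) {
  return typeof value === 'string' && /^[A-Za-z0-9_]{3,20}$/.test(value);
}

// Sanitizing: coerce a user-supplied link to an acceptable form.
// Only absolute http(s) URLs survive; anything else becomes "#".
function sanitizeUrl(value) {
  try {
    const url = new URL(String(value).trim());
    return url.protocol === 'http:' || url.protocol === 'https:' ? url.href : '#';
  } catch {
    return '#'; // not parseable as an absolute URL
  }
}

// Render a comment: validate first, sanitize the link, escape on output.
function renderComment({ username, homepage, body }) {
  if (!isValidUsername(username)) {
    throw new Error('invalid username');
  }
  const href = escapeHtml(sanitizeUrl(homepage)); // double-quoted attribute context
  return `<p><a href="${href}">${escapeHtml(username)}</a>: ${escapeHtml(body)}</p>`;
}

// Constructed sample input with markup in two of its fields.
const sample = {
  username: 'alice_01',
  homepage: 'javascript:alert(1)',
  body: '<script>alert(1)</script> & "hi"',
};
console.log(renderComment(sample));
```

Escaping is applied at output time and matches the context the value lands in (element text or a quoted attribute), while validation and sanitizing act on the input before it is stored or used.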