Cross-Site Scripting (XSS)

s4s-uk (New member; Joined Jun 4, 2014; Messages: 20; Points: 0)


XSS is the most common website vulnerability which can hack and leak sensitive information such as credit card and social security numbers. It is a code which enables the hacker to send malicious content to the end-user and collect data from the victim without any detection. According to Symantec, 84% of their documented vulnerabilities in 2007 were classified as XSS.

This type of scripting exploits the “same origin policy.” For example, if Website A has the permission to access information on the system then any content that is linked to Website A will also have the same permissions. If an attacker finds a way to infect the code of Website A, any information that Website A has access to (i.e. all the saved information in the browser of the user, ranging from saved passwords to cookies), the attacker will be able to download it onto his system as well.

In the past, websites like Twitter, Orkut, Facebook, YouTube, and MySpace have been affected by XSS scripting. This script can also be used to steal hidden personal data of users from servers of the compromised website.

It is recommended to have regular scanning of websites in order to make sure that you are not being attacked and that your users’ security is not compromised.

NaturalWriter (New member; Joined May 24, 2014; Messages: 242; Points: 0)

> Cross-Site Scripting (XSS)
>
> In the past, websites like Twitter, Orkut, Facebook, YouTube, and MySpace have been affected by XSS scripting. This script can also be used to steal hidden personal data of users from servers of the compromised website.
>
> It is recommended to have regular scanning of websites in order to make sure that you are not being attacked and that your users’ security is not compromised.

For those who aren't familiar with the process, would you care to elaborate on the steps to go about doing this? What would you recommend, based on your experience, and why? Any other suggestions to avoid future issues?
 

s4s-uk (New member; Joined Jun 4, 2014; Messages: 20; Points: 0)

Well, a programmer can install a web application firewall (WAF) and secure their code to avoid coding exploits, because XSS normally targets code. Also secure your site from worms and malware, and always scan your site for such kinds of things. It has a very bad impact if your site has those kinds of vulnerabilities.
 

RobinYork (New member; Joined Jun 1, 2014; Messages: 51; Points: 0)

There is no absolute security concerning XSS since people find new attack vectors every day. Sometimes XSS is even a browser bug you can't do anything about (except some workarounds).

To get the idea of the complexity look at this (incomplete) XSS attack cheat sheet.

http://ha.ckers.org/xss.html

Guess you should make yourself an XSS expert or hire one to reach your goal.

Videos:
What is Cross-Site Scripting: https://www.youtube.com/watch?v=t161cahMAZc
What is Cross-site Scripting (XSS): https://www.youtube.com/watch?v=i38LMZyKIqI
Cross Site Scripting (Reflected XSS) Demo: https://www.youtube.com/watch?v=V79Dp7i4LRM
Defend Against Script Injection Attacks in ASP.NET: http://www.asp.net/web-forms/videos/how-do-i/how-do-i-understand-and-defend-against-script-injection-attacks-in-aspnet

I will post some good tutorials next time about XSS and about protecting against XSS by a few friends.
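
An added example, not part of the thread and not any poster's code: one way to "secure the code" as suggested above is to encode untrusted values for the context they land in and to allow-list URL schemes, with response headers as a second layer. All function names, the `forum.example` base URL and the sample input are assumptions made for illustration.

```javascript
// Added example: context-aware output encoding (all names are hypothetical).

// Encode text for an HTML element body or a quoted attribute value.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Encoding alone does not make a URL safe: the scheme must be allow-listed,
// otherwise a script-scheme URL still runs when the link is clicked.
const ALLOWED_SCHEMES = new Set(['http:', 'https:', 'mailto:']);
function safeHref(raw) {
  let url;
  try {
    // The URL parser normalises case and strips tabs/newlines before we check.
    url = new URL(String(raw).trim(), 'https://forum.example/'); // placeholder base
  } catch {
    return '#';
  }
  return ALLOWED_SCHEMES.has(url.protocol) ? url.href : '#';
}

// Render a profile link; every untrusted field is encoded for its context.
function renderProfile({ name, homepage }) {
  return `<a href="${escapeHtml(safeHref(homepage))}">${escapeHtml(name)}</a>`;
}

// Response headers that limit the damage if an encoding step is missed.
function securityHeaders() {
  return {
    'Content-Security-Policy':
      "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'",
    'X-Content-Type-Options': 'nosniff',
  };
}

// Constructed sample input, not taken from the thread.
const sample = { name: '<script>alert(1)</script>', homepage: 'javascript:alert(1)' };
console.log(renderProfile(sample));
```

The headers returned by `securityHeaders()` would be set on every HTML response by whatever server framework is in use; a WAF or scanner complements these steps but does not replace them.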
 