Quote of the Day

more Quotes

Categories

Get notified of new posts

Buy me coffee

  • Home>
  • Cross Site Scripting
Tag Archives for " Cross Site Scripting "

Cross Site Scripting (XSS)

Published August 6, 2018 in security - 0 Comments

In a XSS attack, the attacker’s goal is to inject a malicious script into the user’s browser and have the browser execute the script. The vulnerability of web applications to XSS attacks is because of not validating user’s input and/or not encoding/sanitizing data when rendering into a browser. Don’t confuse Cross Site Scripting  with Cross Site Request Forgery (CSRF).

A successful XSS attack could be devastating. Examples of damages include exposing the victim’s sensitive data, displaying  inappropriate/unintended content, involuntarily transferring of money, impersonating the user’s account etc …

XSS attack is listed under the top ten most critical application security risks for 2017.

Several XSS types of attack describe how a malicious script arrives at a user’s browser: stored XSS attacks, reflected XSS attacks, and server vs client XSS attacks.

Continue reading