A Web Developer's Guide to Cross-Site Scripting

نویسنده

  • Steven Cook
چکیده

Cross-site scripting attacks are those in which attackers inject malicious code, usually client-side scripts, into web applications from outside sources. Because of the number of possible injection locations and techniques, many applications are vulnerable to this attack method. Scripting attacks differ from other web application vulnerabilities because they attack an application’s users, not an application’s infrastructure, but they can still cause a great deal of damage. This paper describes how cross-site scripting works and what makes an application vulnerable, along with suggestions for developers about tools for discovering cross-site scripting vulnerabilities in their applications and recommended practices for creating applications that are less vulnerable to the attack and more resilient against successful cross-site scripting attacks.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Protection of Web Applications from Cross-Site Scripting Attacks in Browser Side

Cross Site Scripting (XSS) Flaws are currently the most popular security problems in modern web applications. These Flaws make use of vulnerabilities in the code of web-applications, resulting in serious consequences, such as theft of cookies, passwords and other personal credentials.Cross-Site scripting Flaws occur when accessing information in intermediate trusted sites. Client side solution ...

متن کامل

The Research Perspective: XSS Attack and Prevention of XSS Vulnerability in Web Application

Cross-Site Scripting is one of the major’s attacks described by OWASP. The Cross Site Scripting attack is possible by inserting or changing the programming logic, changing and syntax of HTML elements by code injection attacks. The Web application is XSS Vulnerable when there is no proper input validation. The many web applications like social networking sites are the victims of this attack. Thi...

متن کامل

A Server Side Solution for Protection of Web Applications from Cross-Site Scripting Attacks

Cross-Site scripting attacks occur when accessing information in intermediate trusted sites. Cross-Site Scripting (XSS) is one of the major problems of any Web application. Web browsers are used in the execution of commands in web pages to enable dynamic Web pages attackers to make use of this feature and to enforce the execution of malicious code in a user’s Web browser. This paper describes t...

متن کامل

Analysis of Browser Defenses against XSS Attack Vectors

With the up gradation of technology came World Wide Web and now it has become part of our everyday life. Our increasing dependency on web applications has made us more susceptible to web based attacks .According to OWASP [1] (Open Source Web Application Security Project) Structured Query Language (SQL) injection, Cross Site Scripting Attack (XSS) and Cross-Site Request Forgery (CSRF) are the mo...

متن کامل

Cross Site Scripting Vulnerabilities and Defences: A Review

With the advancement in the internet technology since last two decades, the dependence on web applications has increased rapidly. All the facilities are nowadays available online at the ease of just one click. As a result, Web applications are prone to cyber-attacks which has major consequences such as theft of personal secure data and information tampering by 'Cookie stealing' or 'Session Hija...

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2003