XSS - Cross Site Scripting

Cross Site Scripting is the most common vulnerability in web applications. It happens when the application accepts unverified data and sends it to the browser without any real checks. This allows attackers to execute scripts in the victim's browser, which can take control of the user's session or redirect the user to malicious links.

The 3 basic characteristics of XSS attacks are:

· XSS attacks take place on vulnerable web applications

· XSS attacks target the application's users, not the application itself

· In XSS attacks, the malicious content is delivered via JavaScript

XSS attacks occur primarily because of inadequate cleaning of the user's input. Consider a hypothetical web site with a form on a web page that accepts the user's e-mail address so that news can be sent to him. The web application that handles the e-mail address might not be programmed properly. Because of these shortcomings in the code that accepts input from the user and processes it further, the hacker is able to run his own harmful code.
 
An example of an XSS attack:

Let's look at a site that has a URL like this:

xss-link1


Let's say that the "name" parameter is used to define the value of the user name. The site uses this value to write "Hello ZoranLojpur" on the web page. In this case, the hacker can abuse the "name" parameter by supplying malicious content in place of the expected name, as in the following link:

xss-link2
 

In this case, only a notice reading "XXS vulnerability" is displayed, but real malicious code can be run on the site by applying the same technique.

Such an attack succeeds because the web application that parses the URL and drives the web site wrongly assumes that the user will always supply safe data. In fact, it was not prepared for such threats. In this case, the hacker uses a benign web site to launch malware attacks against an unsuspecting user, and the website owner usually has no idea that his web site is being used to execute malicious code.
 
How do you detect that your site is vulnerable to XSS attacks, and what should you do?

1. Be sure to check whether the software that runs your site takes user input directly and uses it immediately without filtering!

2. Upgrade to the latest version of the software.

3. Make sure that the third-party plugins the site uses are not susceptible to XSS attacks.

4. Conduct a vulnerability assessment scan of the site to find out whether there are any XSS vulnerabilities. Any weak point should be removed or repaired as soon as possible.

5. Use a Web Application Firewall to prevent harmful attacks on your site.
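
The "Hello name" page from the example above, together with the check from item 1 of the list, as an added example that is not code from the original article. The example.com URLs, the index.php path and all function names are assumptions made for illustration; HTML-encoding the value with Python's `html.escape` is one way to apply the filtering that item 1 asks for.

```python
from html import escape
from urllib.parse import urlsplit, parse_qs

# Constructed sample URLs (example.com is a placeholder, not the site from the article).
BENIGN_URL = "http://example.com/index.php?name=ZoranLojpur"
PROBE_URL = ("http://example.com/index.php?name="
             "%3Cscript%3Ealert(%22XXS%20vulnerability%22)%3C%2Fscript%3E")


def get_name(url: str) -> str:
    """Return the decoded "name" query parameter, or an empty string."""
    return parse_qs(urlsplit(url).query).get("name", [""])[0]


def greet_vulnerable(url: str) -> str:
    """Mimics the flawed site: the parameter is written into the page as-is."""
    return "<p>Hello " + get_name(url) + "</p>"


def greet_hardened(url: str) -> str:
    """Same page, but the value is HTML-encoded before it reaches the browser."""
    return "<p>Hello " + escape(get_name(url), quote=True) + "</p>"


def reflects_markup(render, url: str) -> bool:
    """Checklist item 1: does the page echo user input without filtering?

    True when the decoded parameter contains HTML metacharacters and the
    rendered page contains it character for character, i.e. the browser would
    parse it as markup instead of displaying it as text.
    """
    value = get_name(url)
    has_meta = any(ch in value for ch in "<>\"'&")
    return has_meta and value in render(url)


if __name__ == "__main__":
    for render in (greet_vulnerable, greet_hardened):
        print(render.__name__, "->", render(PROBE_URL),
              "| reflects markup:", reflects_markup(render, PROBE_URL))
```
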

1 comment

  • Comment posted by Minuman berenergi

    I'm curious to find out what blog platform you
    have been using? I'm having some minor security issues
    with my latest website and I would like to find something
    more risk-free. Do you have any suggestions?
