Cross Site Scripting – XSS


What is cross site scripting?

Cross site scripting, or "XSS", is one of the most prevalent vulnerabilities in web applications.

It refers to an attack in which the attacker gets a malicious script executed in the context of a legitimate website or application.

The vulnerable website itself is not the real target of XSS; its users are.

The attacker finds a flaw in a legitimate site or web application, typically a place where user-supplied data is copied into a page without encoding, and uses it to deliver a malicious script into the browsers of that site's users, where it runs with the same privileges as the site's own code.

How does cross site scripting work?

Victims of reflected XSS typically follow a crafted link while visiting another website or after receiving it by instant message, email or some other channel; the link's URL carries the script as a parameter that the vulnerable site echoes back into the page. In stored XSS the script is instead saved on the site itself (in a comment, a profile field, a guestbook entry) and served to every visitor who views that page.

The malicious links are usually disguised to look legitimate and safe.

Once the victim's browser loads the affected page, the injected JavaScript runs in the origin of the vulnerable application, so it can read and send out the victim's data exactly as if it were the site's own script.

JavaScript in an attacker's hands is dangerous for a number of reasons.

First of all, JavaScript can read the site's cookies (unless they are marked HttpOnly), and cookies usually carry the session identifier.

JavaScript can also send data to arbitrary destinations, for example by loading an image from an attacker's server with the stolen data placed in the URL.

So if an attacker can execute arbitrary JavaScript in your browser on a given site, he or she can attack you in several ways.

They may steal your cookies, including your session identifier, and use them to impersonate you on that site.

They can plant a keylogger in the page that records every keystroke you make, which could reveal your usernames, passwords, credit card numbers and more.

They can also inject a fake login form into the real page, so that credentials typed in good faith are sent to the attacker instead of the site.

In modern browsers, script can additionally request access to your location, your microphone and your webcam, and read files you select in a file picker. The browser asks for permission first, but the prompt appears to come from a site you trust, so a victim may well grant it.

It is not only JavaScript that presents a risk through cross site scripting: injected HTML on its own (a form, an iframe, a meta refresh) can do damage, and the older plug-in technologies ActiveX, Flash and VBScript were abused the same way, although they are now obsolete in current browsers.

How to protect against XSS attacks

Users can limit their exposure to cross site scripting, but they cannot fix the vulnerability itself; only the site's operator can. Treat unsolicited links with care, especially long ones whose query string contains encoded characters or script-like fragments, since that is how a reflected XSS payload is delivered.

For instance, if a message claims to link to a site you use but you were not expecting it, don't click the link.

Instead, visit the site by typing its main address in manually and use its search feature to find the page you were pointed at. Ordinary links between legitimate websites, such as a recipe site linking to a news story from a national media outlet, are not a risk in themselves; the risk is in what a crafted link carries to a vulnerable site.

It's also important to use your email sensibly: avoid suspicious attachments, which can run scripts or other malware without your knowledge. That is a separate attack route from XSS, but the two are often used together.

Online bulletin boards, guestbooks and comment sections are popular targets for attackers, because anything posted there is shown to every later visitor: a script smuggled into one post runs in the browser of everyone who views that page (stored XSS).

Be wary of poorly maintained boards and of posts from people you don't know; the script runs simply by viewing the page, not by interacting with it.

Disabling JavaScript in your browser, or using an extension that blocks script by default, does stop XSS payloads from running, but it also breaks most modern sites, so few users can live with it. Keeping the browser up to date and its security settings high at least limits what a successful payload can do, including how easily cookies can be stolen.

If you own or administer a website or web application, the fix is in your code: encode every piece of user-supplied data for the context it is inserted into (HTML text, HTML attribute, JavaScript string, URL), mark session cookies HttpOnly so script cannot read them, and send a Content-Security-Policy header that disallows inline script.

Then test the application with a product that scans for vulnerabilities; some offer free trials and online services.
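The application-side defences, as an added example that is not code from the original article: output encoding chosen per context, an HttpOnly session cookie, and a Content-Security-Policy header. It also shows the edge case that HTML escaping alone is not enough inside a script block, because the HTML parser ends a script element at the first "</script" before the JavaScript engine sees the string. The function names, the sample query and the policy values are assumptions for this illustration.

```javascript
// Added example, not the article's code. Defences against XSS on the server
// side. All names and header values are illustrative.

// HTML text and quoted-attribute context: the five significant characters.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#x27;');
}

// JavaScript string-literal context: escape every non-alphanumeric character as
// \uXXXX. "</script>" then cannot close the enclosing script element, and quotes
// and backslashes cannot break out of the literal.
function escapeJsString(s) {
  return String(s).replace(/[^A-Za-z0-9]/g, c =>
    '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Safe search page: the same query lands in three different contexts and gets
// the encoder that matches each one.
function renderSearchPageSafe(query) {
  return [
    '<h1>Results for: ' + escapeHtml(query) + '</h1>',
    '<input type="text" value="' + escapeHtml(query) + '">',
    '<script>var lastQuery = "' + escapeJsString(query) + '";</script>',
  ].join('\n');
}

// Session cookie that page script cannot read (HttpOnly), is only sent over TLS
// (Secure) and is not attached to cross-site navigations from other origins
// except top-level GETs (SameSite=Lax).
function sessionCookieHeader(sessionId) {
  return 'session=' + encodeURIComponent(sessionId) +
    '; Path=/; HttpOnly; Secure; SameSite=Lax';
}

// Content-Security-Policy allowing script only from the site's own origin, so an
// injected inline <script> or onerror= handler is refused by the browser even if
// an encoding bug lets it into the page.
function cspHeader() {
  return "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'";
}

// Constructed attacker input aimed at the script-block context.
const hostileQuery = '</script><script>alert(document.cookie)</script>';

console.log(renderSearchPageSafe(hostileQuery));
console.log('Set-Cookie: ' + sessionCookieHeader('a1b2c3'));
console.log('Content-Security-Policy: ' + cspHeader());
```

The policy above would also block the page's own inline script block, which is the intended trade-off: move such code into a file served from your origin (or use nonces) rather than weaken the policy with 'unsafe-inline'.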
