Cross site scripting, or “XSS”, is one of the most prevalent vulnerabilities in web applications.
It is an attack in which the attacker gets a script of their own choosing to run inside a legitimate website or application, in the browsers of that site's users.
The website itself is the vehicle rather than the target: the attacker finds a place where the site copies untrusted input into its pages without encoding it, and uses that flaw to deliver a malicious script to the browsers of everyone who views the affected page.
Because the script arrives as part of the site's own page, the browser trusts it exactly as it trusts the site, which is what makes everything that follows possible.
How does cross site scripting work?
In the reflected form of the attack, victims click a specially crafted link to the vulnerable site, delivered through another website, an instant message, an email or some other form of communication; the link carries the script in a URL parameter that the site echoes straight back into the page.
The malicious links are often disguised to appear legitimate and safe.
In the stored form, the attacker posts the script into something the site saves and shows to others, such as a comment or profile field, and no unusual link is needed: every visitor who loads that page runs it.
Once running, the script can read your cookies, including your session identifier, and send them to the attacker, who can then impersonate you to that site (a cookie marked HttpOnly is out of reach of script, which is why that flag matters).
It can also act as a keylogger by listening for every keystroke you make on the page, which could reveal your usernames, passwords, credit card numbers and more.
Advanced attackers use cross site scripting to inject fake login forms into the real page, which prompt targeted victims to type in private details that are funneled to the criminal instead.
How to protect against XSS attacks
Common advice for users is to be wary of links that lead from one website to another, particularly links with long or oddly encoded addresses, and to type a site's main address in manually instead.
For instance, if you’re browsing your favorite food recipe site and see a link to a news story from a popular national media outlet, you can visit the media outlet’s website directly and use its search feature to find the article.
Be aware of what this does and does not buy you: it reduces your exposure to the reflected form of the attack, but it does nothing against the stored form, where the script is already sitting in a page you reach by normal browsing.
It’s also important to use your email sensibly: treat unexpected links the same way, and avoid suspicious attachments, which can run code on your machine without your knowledge (a broader problem than XSS, but one the same messages often carry).
Online bulletin boards and guest books are popular targets for stored XSS, because anything a stranger posts is shown to every later visitor; a script planted there runs in your browser with that site's privileges, so it can do anything to your account on that site that you could do yourself.
Reconsider before you decide to view an online bulletin board or guestbook post from someone you don’t know, but note that once the site has accepted the script, the real fix is on the site's side, not yours.
If you own or administer a website or web application, test it with a product that scans for vulnerabilities; some programs offer free trials and online services.
A scanner only finds flaws, though: the fix is to encode every piece of untrusted input for the context it is placed in (HTML text, attribute value, URL), to mark session cookies HttpOnly so script cannot read them, and to set a Content-Security-Policy header that limits where script may be loaded from.