Services
Technology Web App Development Mobile App Development Windows App Development Database Development UI/UX Development Cloud Development SEO Digital Marketing Guest Posting Content Writing Artificial Intelligence Data Science ERP Development CRM Development CMS Development LMS Development Business Listing Blockchain Technology Startup Promotion
Products
Data Converter Cleaner TUC - Unit Converter Import Export Survey Manager Tweet Controller
Developer
Article Blog Forum Interview Beginner News Startup Quiz
Users
Career
Apply Job Internship
Pricing
Login Sign Up Get a Quote

forum

home / developersection / forums / please tell me what is cross-site scripting and how is it harmful for your application?
Ask Question
Anonymous User
Anonymous User

A_Philosopher

I am a content writter !

Message

1 Answers

Anonymous User
Anonymous User 22 Nov 2018
Report Abuse

XSS : 

Anonymous User

Cross-Site Scripting (XSS) is like as hacking attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. The result of XSS may range from petty nuisance like displaying an alert box to a significant security risk like stealing session cookies. Cross-Site Scripting (also referred to as XSS) is a kind of vulnerability that occurs when some hacker injects malicious code (ideally script) inside a web page or the database. OR XSS (cross-site scripting or cross-site security) is known as a type of security attack where the attacker injected the malicious code at the time of entering the data. If the hacker once gives these codes injected into the end user's browser. And if this code run on then it makes access to cookies, sessions, local files, etc. easier.

What an attacker can do?

  •  ByPassing Logins
  •  Accessing secret data
  •  Modifying contents of the website
  •  Shutting down the My SQL server

Anonymous User

These are some of the ways to use xss on your application that the attackers often use such as -

Anonymous User

1). XSS

  • Standard XSS
  • DOM-Based XSS

Anonymous User

2). HTML AND CSS. 

Anonymous User

3). Scripting Languages or Codes.

  • Javascript
  • VB script
  • and Othe scripting languages etc.

Anonymous User

4). SQL Injection. 

Anonymous User

Bypass Login Screen :

Anonymous User

Problems and Solution
XSS attacks can generally be categorized into two categories: 

•Stored and 

     {

      Stored attacks are those where the injected script is permanently stored on the target servers, 

      Such as in a database, 

      In a message forum, 

      Visitor log, 

      Comment field, etc. 

      The victim then retrieves the malicious script from the server when it requests the stored information.

    }

•Reflected.

    {

      Reflected attacks are those where the injected script is reflected off the web server, 

      Such as in an error message, 

      The search result, or any other response that includes some or all of the input sent to the server as part of the request.

      Such as in an e-mail message, or on some other website.

    }
Solution
1). The best way to find flaws is to perform    a security review of the code and search for all places where input from an HTTP request could possibly make its way into the HTML output.

2). Note that a variety of different HTML tags can be used to transmit a malicious JavaScript.

And another solution is like as -

1). Escaping      2). Validating Input     3). Sanitizing      4). You MUST use the escape syntax for the part of the HTML document you're putting untrusted data into.

Anonymous User

Vulnerabilities by Type

13). Denial of service

12). xml external entity

11). open redirect

10). general bypass

09). authentication bypass

08). remote file inclusion

07). full path disclosure

06). remote code execution

05). local file inclusion

04). cross-site request forgery

03). file upload

02). SQL injection

01). cross-site scripting

The overall solution is in one word " Information is the only defense "

Thanks...!!! for reading this forum.....if any suggestion please comment.

More Read...

http://answers.mindstick.com/qa/51738/what-is-the-cross-site-scripting-and-how-it-can-harmful-for-your-application

advertising