Please tell me what is cross-site scripting and how is it harmful for your application?


Please tell me what is cross-site scripting and how is it harmful for your application.

    Re: Please tell me what is cross-site scripting and how is it harmful for your application?

    XSS:

    Cross-Site Scripting (XSS) attacks are a type of injection in which malicious scripts are injected into otherwise benign and trusted websites. The result of XSS may range from a petty nuisance like displaying an alert box to a significant security risk like stealing session cookies. Cross-Site Scripting (also referred to as XSS) is a kind of vulnerability that occurs when a hacker injects malicious code (ideally script) inside a web page or the database. Or, XSS (cross-site scripting or cross-site security) is known as a type of security attack where the attacker injects malicious code at the time of entering the data. Once the hacker has this code injected into the end user's browser, and the code runs, it makes access to cookies, sessions, local files, etc. easier.

    What can an attacker do?

    •  Bypassing logins
    •  Accessing secret data
    •  Modifying contents of the website
    •  Shutting down the MySQL server

    These are some of the ways attackers often use XSS on your application, such as:

    1). XSS

    • Standard XSS
    • DOM-Based XSS

    2). HTML and CSS.

    3). Scripting Languages or Codes.

    • JavaScript
    • VBScript
    • and other scripting languages, etc.

    4). SQL Injection. 

    Bypass Login Screen:

    Problems and Solution

    XSS attacks can generally be categorized into two categories:

    • Stored: Stored attacks are those where the injected script is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc. The victim then retrieves the malicious script from the server when it requests the stored information.
    • Reflected: Reflected attacks are those where the injected script is reflected off the web server, such as in an error message, the search result, or any other response that includes some or all of the input sent to the server as part of the request. Such as in an e-mail message, or on some other website.

    Solution

    1). The best way to find flaws is to perform a security review of the code and search for all places where input from an HTTP request could possibly make its way into the HTML output.

    2). Note that a variety of different HTML tags can be used to transmit a malicious JavaScript.

    Other solutions are as follows:

    1). Escaping
    2). Validating input
    3). Sanitizing
    4). You MUST use the escape syntax for the part of the HTML document you're putting untrusted data into.

    Vulnerabilities by Type
    13). Denial of service
    12). xml external entity
    11). open redirect
    10). general bypass
    09). authentication bypass
    08). remote file inclusion
    07). full path disclosure
    06). remote code execution
    05). local file inclusion
    04). cross-site request forgery
    03). file upload
    02). SQL injection
    01). cross-site scripting

    The overall solution is in one word: "Information is the only defense".

    Thanks for reading this forum! If you have any suggestion, please comment.

    More Read...

    http://answers.mindstick.com/qa/51738/what-is-the-cross-site-scripting-and-how-it-can-harmful-for-your-application


      Modified On Nov-22-2018 05:51:20 AM
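The answer above lists escaping as the defence and stresses using the escape syntax for the part of the HTML document that receives untrusted data. The following is an added example, not code from the original post or from mindstick: it models the reflected case (a search page echoing a query parameter) and the stored case (comments saved in a database and rendered later), shows the vulnerable rendering beside the hardened one, and applies a different escape for the HTML body, attribute and JavaScript-string contexts. The templates, comment store and sample inputs are constructed stand-ins, not a real application; the crude `input_reflected_raw` check is an assumption of what a reviewer's regression test might look like, matching point 1 of the post (find every place request input reaches HTML output).

```python
"""Added example (not part of the original post): context-aware output
encoding against the stored and reflected XSS cases described above.
The comment store, page templates and sample inputs are constructed
stand-ins for a database and request parameters, not a real application.
"""
import html
import json

# Constructed sample inputs: what a form field or query parameter might carry.
SAMPLE_COMMENT = "Nice post <script>alert(1)</script>"   # stored case
SAMPLE_QUERY = '"><b>injected</b>'                        # reflected case


def escape_html_body(untrusted: str) -> str:
    """Text placed between tags: encode & < > " and '."""
    return html.escape(untrusted, quote=True)


def escape_html_attr(untrusted: str) -> str:
    """Value placed inside a double-quoted attribute. Same encoding as the
    body context; the caller must keep the surrounding quotes."""
    return html.escape(untrusted, quote=True)


def escape_js_string(untrusted: str) -> str:
    """Value placed inside a JavaScript string literal in a <script> block.
    JSON encoding handles quotes and backslashes; < and > are additionally
    encoded so a '</script>' in the data cannot close the block early."""
    return json.dumps(untrusted).replace("<", "\\u003c").replace(">", "\\u003e")


# --- Reflected case: a search page that echoes the request parameter ---

def render_search_vulnerable(query: str) -> str:
    """Vulnerable: the parameter reaches two HTML contexts unchanged."""
    return f'<p>Results for: {query}</p><input name="q" value="{query}">'


def render_search_safe(query: str) -> str:
    """Hardened: each insertion point uses the escape for its own context."""
    return (
        f"<p>Results for: {escape_html_body(query)}</p>"
        f'<input name="q" value="{escape_html_attr(query)}">'
        f"<script>var lastQuery = {escape_js_string(query)};</script>"
    )


# --- Stored case: comments saved verbatim, encoded when rendered ---

COMMENT_STORE = []  # constructed stand-in for a database table


def store_comment(text: str) -> None:
    """Store as received; encoding is an output concern, not a storage one,
    because the same text may later be rendered in different contexts."""
    COMMENT_STORE.append(text)


def render_comments_safe() -> str:
    """Every stored comment is encoded for the HTML body context on output."""
    items = "".join(f"<li>{escape_html_body(c)}</li>" for c in COMMENT_STORE)
    return f"<ul>{items}</ul>"


def input_reflected_raw(rendered: str, untrusted: str) -> bool:
    """Crude review check (hypothetical helper): flag a template if an input
    containing HTML-significant characters appears verbatim in its output."""
    return any(ch in untrusted for ch in '<>"\'&') and untrusted in rendered


if __name__ == "__main__":
    print("vulnerable:", render_search_vulnerable(SAMPLE_QUERY))
    print("safe:      ", render_search_safe(SAMPLE_QUERY))
    store_comment(SAMPLE_COMMENT)
    print("comments:  ", render_comments_safe())
    print("leak in vulnerable page:",
          input_reflected_raw(render_search_vulnerable(SAMPLE_QUERY), SAMPLE_QUERY))
```

Two design points worth noting: the stored comment is saved unchanged and encoded only when rendered, because the same text may later appear in an attribute or a script block where a different escape applies; and the JavaScript-string escape encodes `<` and `>` on top of JSON quoting, since a literal `</script>` inside the data would otherwise terminate the script element regardless of string quoting.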