How to defeat the new No. 1 security threat: cross-site scripting
Cross-site scripting, often abbreviated XSS, is a class of Web security issues. A recent research report stated that XSS is now the top security risk.
In a typical XSS scenario, a Web page might use JavaScript to dynamically generate some document content based on a field in a Uniform Resource Identifier (URI). In the normal course of events, the site itself would generate legitimate information for that field.
If, however, the script that generated the new content did not filter the URI, it would be possible for an attacker to feed the page a custom-designed URI that ran a script. The script could do almost anything, and the user would never know that he wasn't seeing legitimate content unless the hijacker was blatant.
Bookmark/Search this post with:
»
- Add new comment
- 1651 reads
Recent comments
22 weeks 4 days ago
43 weeks 1 day ago
46 weeks 4 hours ago
46 weeks 6 hours ago
50 weeks 3 days ago
50 weeks 4 days ago
1 year 15 weeks ago
1 year 17 weeks ago
1 year 20 weeks ago
1 year 32 weeks ago