How to defeat the new No. 1 security threat: cross-site scripting
Cross-site scripting, often abbreviated XSS, is a class of Web security issues. A recent research report stated that XSS is now the top security risk.
In a typical XSS scenario, a Web page might use JavaScript to dynamically generate some document content based on a field in a Uniform Resource Identifier (URI). In the normal course of events, the site itself would generate legitimate information for that field.
If, however, the script that generated the new content did not filter the URI, it would be possible for an attacker to feed the page a custom-designed URI that ran a script. The script could do almost anything, and the user would never know that he wasn't seeing legitimate content unless the hijacker was blatant.
Bookmark/Search this post with:
»
- Add new comment
- 2060 reads
Recent comments
51 weeks 1 day ago
1 year 3 weeks ago
1 year 7 weeks ago
1 year 8 weeks ago
1 year 11 weeks ago
1 year 18 weeks ago
1 year 43 weeks ago
2 years 12 weeks ago
2 years 15 weeks ago
2 years 15 weeks ago