How to defeat the new No. 1 security threat: cross-site scripting
Cross-site scripting, often abbreviated XSS, is a class of Web security issues. A recent research report stated that XSS is now the top security risk.
In a typical XSS scenario, a Web page might use JavaScript to dynamically generate some document content based on a field in a Uniform Resource Identifier (URI). In the normal course of events, the site itself would generate legitimate information for that field.
If, however, the script that generated the new content did not filter the URI, it would be possible for an attacker to feed the page a custom-designed URI that ran a script. The script could do almost anything, and the user would never know that he wasn't seeing legitimate content unless the hijacker was blatant.
Bookmark/Search this post with:
»
- Add new comment
- 1174 reads
Recent comments
2 weeks 4 days ago
2 weeks 6 days ago
25 weeks 5 days ago
28 weeks 3 days ago
32 weeks 3 days ago
32 weeks 5 days ago
37 weeks 4 days ago
39 weeks 4 days ago
40 weeks 1 day ago
40 weeks 3 days ago