forum

home / developersection / forums / please tell me what is cross-site scripting and how is it harmful for your application?

Ask Question
Anonymous User

Anonymous User

Follow

I am a content writter !

Can you answer this question?
Answer

1 Answers

Anonymous User

Anonymous User

22-Nov-2018

XSS : 


Cross-Site Scripting (XSS) is like as hacking attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. The result of XSS may range from petty nuisance like displaying an alert box to a significant security risk like stealing session cookies. Cross-Site Scripting (also referred to as XSS) is a kind of vulnerability that occurs when some hacker injects malicious code (ideally script) inside a web page or the database. OR XSS (cross-site scripting or cross-site security) is known as a type of security attack where the attacker injected the malicious code at the time of entering the data. If the hacker once gives these codes injected into the end user's browser. And if this code run on then it makes access to cookies, sessions, local files, etc. easier.

What an attacker can do?

  •  ByPassing Logins
  •  Accessing secret data
  •  Modifying contents of the website
  •  Shutting down the My SQL server


These are some of the ways to use xss on your application that the attackers often use such as -


1). XSS

  • Standard XSS
  • DOM-Based XSS


2). HTML AND CSS. 


3). Scripting Languages or Codes.

  • Javascript
  • VB script
  • and Othe scripting languages etc.


4). SQL Injection. 

Bypass Login Screen :

Problems and Solution
XSS attacks can generally be categorized into two categories: 

•Stored and 

     {

      Stored attacks are those where the injected script is permanently stored on the target servers, 

      Such as in a database, 

      In a message forum, 

      Visitor log, 

      Comment field, etc. 

      The victim then retrieves the malicious script from the server when it requests the stored information.

    }

•Reflected.

    {

      Reflected attacks are those where the injected script is reflected off the web server, 

      Such as in an error message, 

      The search result, or any other response that includes some or all of the input sent to the server as part of the request.

      Such as in an e-mail message, or on some other website.

    }
Solution
1). The best way to find flaws is to perform    a security review of the code and search for all places where input from an HTTP request could possibly make its way into the HTML output.

2). Note that a variety of different HTML tags can be used to transmit a malicious JavaScript.

And another solution is like as -

1). Escaping      2). Validating Input     3). Sanitizing      4). You MUST use the escape syntax for the part of the HTML document you're putting untrusted data into.


Vulnerabilities by Type

13). Denial of service

12). xml external entity

11). open redirect

10). general bypass

09). authentication bypass

08). remote file inclusion

07). full path disclosure

06). remote code execution

05). local file inclusion

04). cross-site request forgery

03). file upload

02). SQL injection

01). cross-site scripting

The overall solution is in one word " Information is the only defense "

Thanks...!!! for reading this forum.....if any suggestion please comment.

More Read...

http://answers.mindstick.com/qa/51738/what-is-the-cross-site-scripting-and-how-it-can-harmful-for-your-application


RELATED INTERVIEW

how many ways to deploy an assembly?

What’s the difference between System.Text.StringBuilder and System.String?

What is DataSet?

What is the difference between comments in c sharp?

Can multiple catch blocks be executed?

RELATED BLOGS

Concept of Inheritance

Access Modifier

Polymorphism

Concept of Array

Static Member

RELATED ARTICLE

Capture Screenshots Program in CSharp .NET

Pointers

Check Running Process in CSharp .NET

Calculator Program in CSharp .NET

Auto complete text in Combo Box

Related Forum

how to convert the character stored in arraylist?

What is the purpose of the async and await keywords in C#?

How to lookup Hard Drive model with C#?

Why can't recognize ManagementObjectSearcher class in VS2010 C#?

C# iterate on class own elements

Windows form always on top not working c#

YourViews

Islamic Terror Attack in Kashmir, Pahalgam

As Indians, are we losing our culture? True?

10 Science-Based Benefits of Yoga

Why Samajwadi Party always support goons and criminals?

Is Mamata Banerjee a threat to India? We must know.

Question & Answer

What are the key factors influencing the growth and pricing trends in the global cocoa market?

Are harsher punishments more effective than rehabilitation in deterring crime?

What role does education play in preventing criminal behavior in communities?

What strategies can communities use to reduce repeat offenses among criminals?

How do policing tactics impact crime rates and what reforms could help?

Tags

Liked By

We use cookies to ensure you have the best browsing experience on our website. By using our site, you acknowledge that you have read and understood our Cookie Policy & Privacy Policy