Cross Site Scripting?

in #steem, 6 years ago

Hello Steem Fam!

Today let's talk about another topic:

Cross-Site Scripting (XSS)!


What is Cross Site Scripting (XSS)?

  • Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls.

Types of Cross Site Scripting

  • Non-Reflected

  • Reflected


How to Prevent XSS?

  1. Escape
  • The first method you can and should use to prevent XSS vulnerabilities from appearing in your applications is by escaping user input. Escaping data means taking the data an application has received and ensuring it’s secure before rendering it for the end user. By escaping user input, key characters in the data received by a web page will be prevented from being interpreted in any malicious way. In essence, you’re censoring the data your web page receives in a way that will disallow the characters – especially < and > characters – from being rendered, which otherwise could cause harm to the application and/or users.
  2. Validating Input
  • Validating input is the process of ensuring an application is rendering the correct data and preventing malicious data from doing harm to the site, database, and users. While whitelisting and input validation are more commonly associated with SQL injection, they can also be used as an additional method of prevention for XSS. Whereas blacklisting, or disallowing certain, predetermined characters in user input, disallows only known bad characters, whitelisting only allows known good characters and is a better method for preventing XSS attacks as well as others.
  3. Sanitizing
  • A third way to prevent cross-site scripting attacks is to sanitize user input. Sanitizing data is a strong defense, but should not be used alone to battle XSS attacks. It’s totally possible you’ll find the need to use all three methods of prevention in working towards a more secure application. Sanitizing user input is especially helpful on sites that allow HTML markup, to ensure data received can do no harm to users as well as your database by scrubbing the data clean of potentially harmful markup, changing unacceptable user input to an acceptable format.
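
The three methods above combined in one place, as an added example that is not part of the original post or its source. The function names, the username rule and the list of allowed tags are assumptions chosen for illustration; the escaping targets HTML body text and quoted attribute values.

```javascript
"use strict";
// Added example: escape, validate and sanitize untrusted input before rendering.

// 1. Escape: encode the characters HTML would otherwise treat as markup.
const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// 2. Validate: whitelist of known good characters (hypothetical username rule).
const USERNAME_RE = /^[A-Za-z0-9_]{3,20}$/;
function isValidUsername(value) {
  return typeof value === "string" && USERNAME_RE.test(value);
}

// 3. Sanitize: for fields that allow some HTML, escape everything first, then
// restore only exact, attribute-free tags from a small allowlist (assumed list).
const ALLOWED_TAG_RE = /&lt;(\/?)(b|i|em|strong|p)&gt;/g;
function sanitizeComment(value) {
  return escapeHtml(value).replace(ALLOWED_TAG_RE, "<$1$2>");
}

// All three together: reject bad usernames, escape plain fields, sanitize rich ones.
function renderComment(username, comment) {
  if (!isValidUsername(username)) {
    throw new Error("invalid username");
  }
  return `<div class="comment"><span>${escapeHtml(username)}</span>: ` +
         `${sanitizeComment(comment)}</div>`;
}

// Constructed sample input, not taken from any real site.
const samples = [
  "<b>nice post</b>",
  "<b>hi</b><script>alert(1)</script>",
  '<b onclick="x()">hi</b>',
];
for (const s of samples) {
  console.log(renderComment("alice_01", s));
}
```

Because every < and > is escaped before the allowlist runs, a tag carrying attributes or a tag outside the list can never come back as live markup; it is shown to the reader as text.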

Cross-site scripting can lead to various types of problems, including problems with user privacy, and is one of the most used attacks by hackers.

Be safe!




Source

-Checkmarx



Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
https://www.checkmarx.com/2017/10/09/3-ways-prevent-xss/

Source is mentioned already .........
