A Web Developer's Guide to Cross-Site Scripting
Cross-site scripting attacks are those in which attackers inject malicious code, usually client-side scripts, into web applications from outside sources. Because of the number of possible injection locations and techniques, many applications are vulnerable to this attack method. Scripting attacks differ from other web application vulnerabilities because they attack an application’s users, not an application’s infrastructure, but they can still cause a great deal of damage. This paper describes how cross-site scripting works and what makes an application vulnerable, along with suggestions for developers about tools for discovering cross-site scripting vulnerabilities in their applications and recommended practices for creating applications that are less vulnerable to the attack and more resilient against successful cross-site scripting attacks.
Cite in Modern Language Association (MLA) Style
"A Web Developer's Guide to Cross-Site Scripting." SANS Institute, 04 Jul 2008, 9:17 UTC. <http://www.sans.org/reading_room/whitepapers/securecode/988.php>
Cite in Chicago Style
Steven Cook, "A Web Developer's Guide to Cross-Site Scripting," http://www.sans.org/reading_room/whitepapers/securecode/988.php (accessed Jul 04, 2008).