XSS Attacks - Cross Site Scripting Exploit and Defense
What is Cross Site Scripting (Xss)?
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy.
Cross-site scripting vulnerabilities date back to 1996 during the early days of the World Wide Web (Web). A time when e-commerce began to take off, the bubble days of Netscape,Yahoo, and the obnoxious blink tag. When thousands of Web pages were under construction, littered with the little yellow street signs, and the “cool”Web sites used Hypertext Markup Language (HTML) Frames.The JavaScript programming language hit the scene, an unknown harbinger of cross-site scripting, which changed the Web application security landscape forever. JavaScript enabled Web developers to create interactive Web page effects including image rollovers, floating menus, and the despised pop-up window. Unimpressive by today’s Asynchronous JavaScript and XML (AJAX) application standards, but hackers soon discovered a new unexplored world of possibility. Hackers found that when unsuspecting users visited their Web pages they could forcibly load any Web site (bank, auction, store,Web mail, and so on) into an HTML Frame within the same browser window.Then using JavaScript, they could cross the boundary between the two Web sites, and read from one frame into the other.They were able to pilfer usernames and passwords typed into HTML Forms, steal cookies, or compromise any confidential information on the screen.The media reported the problem as a Web browser vulnerability. Netscape Communications, the dominant browser vendor, fought back by implementing the ”same-origin policy,” a policy restricting JavaScript on one Web site from accessing data from another. Browser hackers took this as a challenge and began uncovering many clever ways to circumvent the restriction.
Note: Do Not Use Any eBook Of This Blog To Harm Anyone. This Is Only For Educational Purpose. I Will Not Be Responsible For Anything Done By You.
Do you like my eBooks..?
|
Get Free Email Updates Daily!
|
Follow us!
|
Posted on
@Krishna that is the Green one