XSS Introduction
Attack: XSS
Attacker can send data through web applications that will execute code within the victim’s web browser
It is an interpreter attack against the web browser
Application Defects: Improper Output Handling
Application does not properly apply contextual output encoding/escaping of user supplied data
Types:
Reflected,Stored and DOM
Consequences:
Session Hijacking,Malware Installation,Fraud (CSRF)
Remediation: Contextual Output Encoding
Must escape differently depending where data is displayed on the page
− HTML,HTML Attribute,URL,JavaScript,CSS
Reference: OWASP XSS Cheatsheet
http://www.owasp.org
Download: PDF
Volut-ID | World News Articles
All news of interest and can provide an info for you, and so can assist in the search for new news.
About news gadgets, mobile phones
info about the latest mobile phone, from news, features, and the most mobile phone models in search of the world.
No response to “XSS Street-Fight: The Only Rule Is There Are No Rules”
Leave a reply