Cross-site scripting is a type of code injection attack that delivers malicious client-side scripts to a user’s browser, where they are launched and executed. Also known as XSS, it differs from other attacks in that the victims are not targeted directly. Instead, the threat actor uses vulnerable websites and web applications to carry out the attack when users interact with those infected sites and applications.
HOW DOES IT WORK?
XSS attacks have been known for roughly 15 years, and they continue to prove quite effective for many threat actors. In fact, they are still commonly observed as one of the most viable attack vectors today.
TYPES OF XSS ATTACKS
Cross-site scripting attacks are most often categorized as:
- Reflected XSS—this type of attack is characterized by a vulnerable website accepting data (such as a malicious script) sent by the target’s web browser and then using that data to attack the target (hence “Reflected”)
- Persistent XSS—this type of attack gets stored (persisted) on the vulnerable server, for attack during usual interactions with the vulnerable site or application
- DOM-based XSS—in this type of attack the vulnerability is hidden in the client-side scripts that the site always provides to its visitors; the site does not directly serve the malicious script to the target’s browser
PREVENTING XSS ATTACKS
To limit or prevent XSS attacks, you can protect yourself by:
- Sanitizing user input: validating your input and encoding your output so that potentially malicious data provided by a user cannot trigger automatic load-and-execute behavior in a web browser
- Limiting the amount of data you provide as a user, and using it only when necessary
- Adhering to a Content Security Policy (CSP)
- Consistently using web vulnerability scanning tools to effectively identify XSS vulnerabilities in your current software
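The validate-input, encode-output and Content Security Policy steps listed above, as an added JavaScript example that is not from the original page. The function names, the comment fields and the CSP directives chosen are assumptions made for illustration.

```javascript
// Added example: context-aware output encoding plus a CSP header value.
// All names here are illustrative; they do not come from any particular framework.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

// Encode untrusted text for an HTML element body or a quoted attribute value.
function encodeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Validate a user-supplied link. Encoding alone is not enough for href values,
// because a script-bearing scheme contains no characters that need escaping.
// Only absolute http(s) URLs are accepted; anything else becomes "#".
function safeHref(value) {
  let url;
  try {
    url = new URL(String(value).trim());
  } catch {
    return '#'; // relative or malformed input is rejected in this sketch
  }
  const allowed = url.protocol === 'http:' || url.protocol === 'https:';
  return allowed ? encodeHtml(url.href) : '#';
}

// Render one stored comment: every field is encoded for the context it lands in.
function renderComment({ author, text, homepage }) {
  return `<article><a href="${safeHref(homepage)}">${encodeHtml(author)}</a>` +
         `<p>${encodeHtml(text)}</p></article>`;
}

// Build a Content-Security-Policy value as a second layer behind encoding.
// The caller supplies a fresh random base64 nonce for each response.
function cspHeader(nonce) {
  if (!/^[A-Za-z0-9+\/_-]{16,}={0,2}$/.test(nonce)) {
    throw new Error('nonce must be base64 and at least 16 characters');
  }
  return ["default-src 'self'", `script-src 'self' 'nonce-${nonce}'`,
          "object-src 'none'", "base-uri 'none'"].join('; ');
}

// Constructed sample input (not real data): markup in the text, a script URL as the link.
const SAMPLE_COMMENT = {
  author: 'Ann',
  text: '<img src=x onerror=alert(1)>',
  homepage: 'javascript:alert(1)',
};
```

With `SAMPLE_COMMENT`, `renderComment` emits the markup as inert text and replaces the link with `#`, and the CSP value blocks inline scripts that lack the response's nonce.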
Companies like Hikvision protect their products from such threats by applying all possible prevention techniques, so demand for their stock is rising in the stock markets.