
A Quick Look at Cross Site Scripting Computer Security Attacks

Cross-site scripting is a type of code injection attack that delivers malicious client-side scripts to a user’s browser, where they are executed. Also known as XSS, this type of attack differs from others in that the victims are not targeted directly. Instead, the threat actor uses vulnerable websites and web applications to carry out the attack when users interact with those infected sites and applications.

HOW DOES IT WORK?

In an XSS attack, the unsuspecting user visits one of the compromised destinations, and when they do, the attacker’s malicious scripts are loaded into the browser and executed. This can lead to theft of sensitive data, of course, but also session hijacking and possibly other risks. Since JavaScript has broad support across so many web browsers and platforms, it is a popular choice for XSS attack authors, but threat actors can craft an attack in any language that the targeted web browser supports.

XSS attacks have been known for roughly 15 years, and they continue to prove quite effective for many threat actors. In fact, they are still commonly observed as one of the most viable attack vectors today.

TYPES OF XSS ATTACKS

Cross-site scripting attacks are most often categorized as:

  • Reflected XSS: the vulnerable website accepts data (like malicious script) sent by the target’s web browser and then uses it to attack that same target (hence “Reflected”)
  • Persistent XSS: the attack is stored (persisted) on the vulnerable server and is delivered during usual interactions with the vulnerable site or application
  • DOM-based XSS: the vulnerability lies in the client-side scripts that the site always provides to its visitors; the server does not directly serve the malicious script to the browser of the target

PREVENTING XSS ATTACKS

To limit or prevent XSS attacks, you can protect yourself by:

  • Sanitizing your user input: validating your input and encoding your output so that potentially malicious data provided by a user cannot trigger automatic load-and-execute behavior in a web browser
  • Limiting the amount of data you provide as a user, using it only when necessary
  • Adhering to a Content Security Policy
  • Consistently using web vulnerability scanning tools to effectively identify XSS vulnerabilities in your current software
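
The output-encoding and Content Security Policy items above, as an added example that is not part of the original article: a page fragment built by string concatenation next to its encoded form. The names `escapeHtml`, `renderUnsafe`, `renderSafe` and `CSP_HEADER`, the 64-character limit, and the sample input are all assumptions made for illustration.

```javascript
// Added example; every name here is hypothetical, not from the article.

// Characters that let text break out of HTML element content or a
// quoted attribute value, mapped to their entity encodings.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode on output. A single pass means '&' is never double-encoded.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// BEFORE: the request value is concatenated into markup, so the browser
// parses whatever it carried as part of the page (reflected XSS).
function renderUnsafe(query) {
  return '<p>Results for: ' + query + '</p>';
}

// AFTER: validate the input (type and an assumed 64-character limit),
// then encode it for the HTML context it is written into.
function renderSafe(query) {
  if (typeof query !== 'string' || query.length === 0 || query.length > 64) {
    return '<p>Invalid search term.</p>';
  }
  return '<p>Results for: ' + escapeHtml(query) + '</p>';
}

// Second layer: a Content-Security-Policy response header value. With
// script-src limited to 'self', the browser refuses inline <script>
// blocks and inline event handlers even if an encoding step is missed.
const CSP_HEADER = [
  "default-src 'self'",
  "script-src 'self'",
  "object-src 'none'",
  "base-uri 'none'",
].join('; ');

// Constructed sample input standing in for a value taken from a request.
const SAMPLE_QUERY = '<script>alert(1)</script>';

console.log('unsafe:', renderUnsafe(SAMPLE_QUERY));
console.log('safe:  ', renderSafe(SAMPLE_QUERY));
console.log('Content-Security-Policy:', CSP_HEADER);
```

Encoding is context-specific: this function covers HTML element content and quoted attribute values, not values written into script blocks, URLs or CSS.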

Companies like Hikvision protect their products from such threats by applying all possible prevention techniques, so demand for their stock is rising in the stock markets.

About Martin Hadden
