Cross Site Scripting (XSS Attack)
At times, certain web coding practices can cause serious security vulnerabilities, adversely affecting both a user and the website. A common example of a hacking technique that exploits such vulnerabilities is Cross Site Scripting, where a hacker injects malicious content into a page shown to another user and gathers data from the victim.
How does that happen? Websites today are chiefly dynamic in nature, with complex web applications crafted to meet the requirements of numerous users and address their specific needs. However, the dynamic nature of these websites is the major reason behind the vulnerabilities that make them fall prey to cross site scripting attacks. Websites display web pages that contain text and HTML, generated by the server and interpreted by the user’s browser. Websites with dynamic pages have difficulty controlling how their output pages are interpreted by the client. For instance, if some malicious content is injected into the dynamic page, neither the client nor the website will be aware of the malicious injection.
A hacker collects data from a user by means of a hyperlink that carries malicious content. The hyperlink, which holds the malicious content, is placed on a website. When a user visits that website and clicks on the link, the hacker's malicious data is sent straight to the web application. After the user clicks on the link, another page is created and the malicious content is generated within that page. The user remains absolutely unaware of the fake content and assumes it to be valid data generated by the web site.
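The flow described above, shown as an added example that is not code from this article or from any real site: a page builder that copies a link parameter into its output, next to a version that encodes it first. The host name, the "q" parameter and the function names are assumptions made for illustration.

```javascript
// Added example: a constructed search-results page builder.
// Host name, "q" parameter and function names are assumptions.

// Encode the characters that let text break out of HTML content or attributes.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: the value taken from the link is placed in the page as markup,
// so the browser treats it as part of the site's own content.
function renderUnsafe(requestUrl) {
  const q = new URL(requestUrl).searchParams.get("q") || "";
  return "<h1>Results for " + q + "</h1>";
}

// Hardened: the same value is encoded on output, so the browser
// displays it as plain text instead of interpreting it.
function renderSafe(requestUrl) {
  const q = new URL(requestUrl).searchParams.get("q") || "";
  return "<h1>Results for " + escapeHtml(q) + "</h1>";
}

// Constructed link of the kind described above; the payload is a harmless marker.
const craftedLink =
  "https://shop.example.test/search?q=" +
  encodeURIComponent("<script>alert(1)</script>");

console.log(renderUnsafe(craftedLink)); // script element reaches the page
console.log(renderSafe(craftedLink));   // same input rendered as inert text
```

The server cannot tell a crafted link from an ordinary one, so the encoding has to be applied to every value that is written into a page.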
Cross Site Scripting attacks have gained momentum in recent years, with several commercial sites being attacked. Such attacks pose great risks to server applications. An attacker can lead users to a malicious server of his choice and extract secured information from the user or cause other damage. A hacker can also deface the home page of a website and post adverse comments against the site, thus spoiling its reputation. Cross Site Scripting can be used to craft requests in the guise of a valid user, alter user settings, conduct cookie poisoning and aid in account hijacking.