What is Cross Site Scripting?
Cross-Site Scripting (XSS) attacks are a type of injection problem in which malicious scripts are injected into trusted web sites. Often attackers will inject JavaScript, VBScript, ActiveX, HTML, or Flash into a vulnerable application to trick a user and obtain sensitive data. Everything from account hijacking, changing of user names and settings, cookie theft/poisoning, or even false advertising is possible. These scripts can even rewrite the content of the HTML page.
Cross-site scripting holes are gaining popularity among hackers. Websites from the FBI, CNN.com, Yahoo, Time.com, eBay, Apple, Microsoft, and Newsbytes have all had one form or another of XSS bugs. Other popular attacks target guestbook and forum programs that allow users to submit posts with HTML and JavaScript embedded in them. For example, if I were a user named “Sam” and read a message by “Ann” that contained malicious JavaScript, it may be possible for “Ann” to hijack my session just by my reading her bulletin board post.
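The bulletin-board scenario above, as an added example (not code from this page or from any of the sites named): one post rendered without and then with HTML output encoding. The function names and the sample post are constructed for illustration.

```javascript
// Added example: a forum post rendered without and with output encoding.
// All names here (escapeHtml, renderPostUnsafe, renderPostSafe) are hypothetical.

// Characters that let text break out of HTML body or quoted-attribute context.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#x27;",
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: author and body are concatenated into markup as-is, so any
// tags in the post become part of the page every reader loads.
function renderPostUnsafe(post) {
  return '<div class="post"><b>' + post.author + "</b>: " + post.body + "</div>";
}

// Hardened: every user-controlled field is encoded at output time, so the
// browser displays the submitted text instead of parsing it as markup.
function renderPostSafe(post) {
  return '<div class="post"><b>' + escapeHtml(post.author) + "</b>: " +
    escapeHtml(post.body) + "</div>";
}

// Constructed sample input: a post by "Ann" that embeds a harmless script tag.
const samplePost = {
  author: "Ann",
  body: 'Nice site! <script>alert("xss")</script>',
};

// True when the rendered markup contains a live <script> element.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log(renderPostUnsafe(samplePost));
console.log(renderPostSafe(samplePost));
```

Encoding at output time covers text placed in the HTML body or in a quoted attribute; values written into script blocks, URLs or CSS need encoding specific to that context.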
What are the risks involved?
Account user information can be seriously compromised as your site is updated or new information is added. If an XSS hole is not fixed, it may be discovered and publicized in a very negative way. This may damage your company's reputation by associating it with lax security and cost you the trust of current and new clients. Staying on top of attack threats before they occur will ensure overall protection and security for you, your clients and your future business.
How can we help protect your business?
By implementing our professional IT security service, we will optimize your current security status and perform a customized scan of your system. We will provide you with a detailed report revealing risk level, type of XSS attack, OWASP reference, a detailed description, the impact, solutions and an overall test result. At that point, we can discuss and offer you solid, active solutions and recommendations to ensure your business is safe, secure and protected in all ways.
For more information on how to protect your business, or if you think you may be under attack, please contact us immediately.
© 2012 Toronto Professional services LTD. All rights reserved