The Anatomy of an XSS Attack

Posted by: Hesap Askıda (account suspended), Expert member, 12 May 2013
Cross-site Scripting (XSS) is a form of security vulnerability typically
found in web applications. XSS enables attackers to inject malicious
scripts into web pages viewed by other users.
XSS attacks are one of the most prevalent forms of
web attack, accounting for an astonishing 12.75% of all
web attacks.

What is XSS?
XSS is the security abbreviation for Cross-Site Scripting.
Prominent sites affected by XSS attacks in the past include Twitter, Facebook, MySpace
and YouTube. In recent years XSS vulnerabilities have become
one of the most prevalent exploited security vulnerabilities.
Approximately 70% of all web vulnerabilities are XSS related.

How Does an XSS Attack Work?
Hackers design a malicious script, usually with the purpose of mining user data such as usernames, passwords or billing details.

Hackers inject the malicious script into a legitimate
website. The script acts as a layer hidden from the user,
similar in concept to an illicit ATM skimmer.

Hackers then receive feedback from the script, successfully
harvesting user data.

Types of XSS Attacks:

Reflected Attack
A reflected attack is one where the injected
script is reflected off a web server, for example in
a normal search result, error message or
subsequent link. Reflected attacks target users differently,
often masquerading in emails or hidden links. The browser
executes the code because it came from a trusted server.

Stored Attack
A stored attack is a script that is injected and stored on the
target servers, such as in a comment, database or forum; the
script may then be executed while a legitimate user is using
the site.

Statistics:
The percentage of web attacks that are XSS attacks.
Approximately 70% of all web vulnerabilities are XSS-related.
90% of all websites have at least one vulnerability.

XSS attacks are speculated to be the third most popular form of web attack.
6. The percentage of the top 1,000 websites in the world that have been victim to a successful XSS attack.

Potential cost of an XSS attack:
User information theft
Data breach
Use of the website for malicious purposes.

Mitigation
There are two very basic techniques you can use to sanitize incoming data, similar to the parameterized inputs used to mitigate SQL injection attacks. Whitelisting uses a list of approved data, and only that data can be executed; whitelisting is the most secure. Blacklisting uses a list of prohibited data to exclude from execution.
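The whitelist versus blacklist contrast above, as an added example that is not part of the original post: a strict allow-list for a reflected search term, HTML encoding on output for a stored comment, and a naive deny-list shown only to illustrate why the post calls whitelisting the more secure option. The field names, the character pattern and the sample inputs are assumptions constructed for this illustration.

```python
import html
import re

# Allow-list: a search term may contain only letters, digits, spaces and a few
# punctuation characters (assumed policy). Anything else is rejected outright.
SEARCH_TERM = re.compile(r"^[A-Za-z0-9 .,'-]{1,64}$")

# Deny-list (the weaker approach): remove one known-bad tag spelling. Shown here
# only for contrast; a list of prohibited strings is never complete.
BLOCKED = ("<script>", "</script>")


def deny_list_filter(value: str) -> str:
    """Strip the blocked strings. Exact-match only, so variants slip through."""
    for bad in BLOCKED:
        value = value.replace(bad, "")
    return value


def allow_list_validate(value: str) -> bool:
    """True only if the whole value matches the approved pattern."""
    return SEARCH_TERM.fullmatch(value) is not None


def render_search_result(term: str) -> str:
    """Build the reflected 'You searched for ...' fragment safely.

    Input is validated against the allow-list, and even approved input is
    still HTML-encoded before it is placed in the page.
    """
    if not allow_list_validate(term):
        # Reject rather than repair: the server never reflects unexpected input.
        return "<p>Invalid search term.</p>"
    return f"<p>You searched for: {html.escape(term, quote=True)}</p>"


def render_comment(comment: str) -> str:
    """Stored data (a forum comment) is encoded on output so the browser
    displays it as text instead of interpreting it as markup."""
    return f'<div class="comment">{html.escape(comment, quote=True)}</div>'


if __name__ == "__main__":
    # Constructed sample inputs: one ordinary term, one containing markup.
    print(render_search_result("shoes size 10"))
    print(render_search_result("<b>shoes</b>"))
    print(render_comment("Nice post! <script>x</script>"))
    print(repr(deny_list_filter("<SCRIPT>x</SCRIPT>")))  # deny-list leaves it unchanged
```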

Application Security
At its core, Barricade works like an early warning system against any attempt to breach the security of your servers. By using attack mitigation products like Barricade you can be a step ahead of the game. Barricade quietly watches in the background and can identify any security threats. In the event of any serious activity, Barricade notifies you and provides the detailed steps needed to resolve the situation.

Turkish translation: http://www.turkhackteam.org/web-server-guvenligi/1244167-xss-saldiri-anatomisi-t3rmin4tor.html
