Saturday, May 5, 2018

XSS Attacks

XSS Attacks - exploits a vulnerability in a website that the victim visits, in order to get the website to deliver the malicious JavaScript for him.

This Javascript can - 

1. Read Cookie.
2. Modify DOM.
3. Make XMLHTTPCalls.

Doing these three things actually leads to problems like - 

1. Cookie Theft - Can be dangerous if Attacker reads your session cookie and tries to get information out of it.
2. Key Logging - Add Key Listener and Read what user is Typing.
3. Phishing - Insert Login Forms in HTML.

So its very necessary to figure out Vulnerabilities in the Server Side and Client Side Code so that a XSS attack cannot be made. This can be done by securing  input handling. 

Which can be done in two ways - 

1. Encoding - escapes the user input so that the browser interprets it only as data, not as code.
2. Validation. - filters the user input so that the browser interprets it as code without malicious commands.

No comments:

Post a Comment