What is cross-site scripting and how can it be harmful for your application?

0 votes
400 views
Sanat Shukla asked 21-Nov-2018 in Technology by Sanat Shukla

What is cross-site scripting and how can it be harmful for your application?

Please describe it briefly and in an understandable way.

1 Answer

0 votes
John d'souza answered 22-Nov-2018 by John d'souza

XSS (cross-site scripting or cross-site security) is a type of security attack in which the attacker injects malicious code at the time of entering data.

OR

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites.

OR

Cross-Site Scripting (also referred to as XSS) is a kind of vulnerability that occurs when a hacker injects malicious code (ideally script) inside a web page or the database. Once the hacker gets this code injected into the end user's browser, and if the code runs, it makes access to cookies, sessions, local files, etc. easier. The result of XSS may range from a petty nuisance, like displaying an alert box, to a significant security risk, like stealing session cookies.

These are some of the ways attackers often use XSS on your application, such as:

1). XSS

  • Standard XSS
  • DOM-based XSS 

2). HTML & CSS

3). Scripts or scripting language

  • JavaScript
  • VB script
  • etc.

4). SQL Injection

Solution:

  • Escaping.
  • Validating input.
  • Sanitizing.
  • You MUST use the escape syntax for the part of the HTML document you're putting untrusted data into.

GurmeetKaur commented 22-Nov-2018 by GurmeetKaur
This is according to my own experience: after reading your article, there is no doubt that it is very good, and you have done a great job on it. SQL injection is also a better way to use for XSS attacks.
       0
John d'souza commented 22-Nov-2018 by John d'souza
Thank you so much, Rahul, for reminding...
       0
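
The last point of the answer's solution list (use the escape syntax that matches the part of the document receiving untrusted data), as an added example that is not part of the original answer. The function names and the sample input are hypothetical and constructed for illustration; the link check assumes only absolute http(s) URLs are acceptable.

```javascript
// Added example: context-specific output encoding. Function names are hypothetical.

// Context 1: HTML element content and quoted attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Context 2: a string literal inside a <script> block. HTML entities are not
// decoded there, so JSON-encode and then escape characters that could close
// the script element or terminate the line.
function escapeForScript(value) {
  return JSON.stringify(String(value))
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

// Context 3: a link target. Escaping cannot make a script-scheme URL safe, so
// validate first: only absolute http(s) URLs pass (assumption for this example).
function safeHref(value) {
  let url;
  try {
    url = new URL(String(value));
  } catch {
    return '#';
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return '#';
  return escapeHtml(url.href);
}

// Render one profile snippet, applying the encoder that matches each context.
function renderProfile(user) {
  const name = escapeHtml(user.name);
  return `<a href="${safeHref(user.site)}" title="${name}">${name}</a>\n` +
    `<script>var bio = ${escapeForScript(user.bio)};</script>`;
}

// Constructed sample input: every field is untrusted.
const sample = {
  name: '<script>alert(1)</script>',
  site: 'javascript:alert(1)',
  bio: '</script><script>alert(1)</script>',
};
console.log(renderProfile(sample));
```

The rendered output contains exactly one `<script>` element, the one the template itself wrote; each untrusted field arrives as inert text or a neutral `#` link.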