Cross-site scripting attacks: A guide for developers and users

Originally Published:
Dec 2018

XSS attacks have been around for a long time, but that doesn’t mean they aren’t still a huge threat. This ebook discusses what cross-site scripting is, how it works, and steps developers and internet users can take to prevent the attacks.

From the ebook:

It’s easy to become convinced of the danger posed by the latest and most notable online threats, but bleeding edge cyberattacks aren’t necessarily as widespread or as persistently dangerous as older ones. Take cross-site scripting (XSS), for example. Microsoft first identified and categorized XSS attacks in 2000, but records of XSS attacks go back to the earliest days of the internet. Bug bounty hosting website HackerOne reported in July 2017 that XSS continues to be the most commonly found vulnerability among users of its platform.

With the threat of cross-site scripting unlikely to diminish, it’s essential that internet users and web developers know what XSS is and how to prevent these cyberattacks.

What is cross-site scripting?
Cross-site scripting is what happens when an attacker takes advantage of a vulnerability in a webpage to inject their own code. That code can steal user information, such as credentials, session cookies, and other sensitive data, and can even live persistently on a site to attack multiple users.

An XSS attack is unique because these vulnerabilities don’t target the website or web app they exploit—it’s only an attack vector. XSS uses scripts that are executed on a user’s machine. These scripts are called client-side scripts. The vast majority are coded in JavaScript or HTML, though other languages can be used for client-side scripts.

Get this asset with a TechProResearch Subscription

People who downloaded this also downloaded