The Biggest Threat to Website Security - XSS
08.05.08 - 01:25pm
One of the amazing things about the Internet is the proliferation of free software available, from programming languages to desktop software. On the flip side, one of the many dangers of having so much software available is that a lot of it is just not up to snuff, for many reasons. One of the most overlooked aspects of software security is cross-site scripting, or XSS.
Cross-site scripting is a vulnerability in many web pages that allows a malicious user to inject harmful strings of data into an application or web page. Attacks can arrive through a couple of different vectors, but usually involve simply passing extra HTML or JavaScript into the vulnerable input. A victim visiting the page may then be redirected to a dangerous web page or even have software run unwittingly.
So how do you, as a programmer, secure your application against such an attack? One of the many ways to find these vulnerabilities is to use an automated scanner. You can find one from Acunetix, or others via Google. There is also a ton of information on the web on manually crafting code to check for problems. Here is an absolutely fantastic article on ways to manually check whether your site suffers from these vulnerabilities.
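To make the two points above concrete, here is an added example (not code from the original post) showing the same "search results" page rendered two ways: the vulnerable version concatenates a query parameter straight into the HTML, and the hardened version encodes it first. It also includes the simplest form of the manual check the post describes: send a probe string and see whether the response reflects it as live markup. The function names, the sample input and the `reflectsMarkup` check are constructed for illustration.

```javascript
// Added example, not from the original post. Function names and the sample
// input below are constructed for illustration.

// Vulnerable version: the user-controlled query string is concatenated
// straight into the page, so any tags it contains become part of the markup.
function renderSearchUnsafe(query) {
  return `<h1>Results for: ${query}</h1>`;
}

// Replace every character with HTML meaning by its entity, so the browser
// treats the value as text in the HTML body rather than as markup.
function escapeHtml(text) {
  const entities = {
    '&': '&amp;',
    '<': '&lt;',
    '>': '&gt;',
    '"': '&quot;',
    "'": '&#39;',
  };
  return String(text).replace(/[&<>"']/g, (ch) => entities[ch]);
}

// Hardened version: identical page, but the query is encoded before use.
function renderSearchSafe(query) {
  return `<h1>Results for: ${escapeHtml(query)}</h1>`;
}

// A crude version of the check a scanner or a manual test performs:
// does the rendered response contain the probe verbatim (as live markup),
// or has it been neutralised into text?
function reflectsMarkup(render, probe) {
  return render(probe).includes(probe);
}

// Constructed sample input: a harmless probe containing a script tag.
const PROBE = '<script>alert(1)</script>';

console.log(renderSearchUnsafe(PROBE));
console.log(renderSearchSafe(PROBE));
console.log('unsafe reflects markup:', reflectsMarkup(renderSearchUnsafe, PROBE)); // true
console.log('safe reflects markup:', reflectsMarkup(renderSearchSafe, PROBE));     // false
```

Note that `escapeHtml` is correct only for values placed in the HTML body; a value inserted inside an attribute, a `<script>` block or a URL needs the encoding rules of that context, which is why the check above should be run against every place user input is reflected, not just one.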
XSS is a significant problem that would not be so widespread if people became more aware of what the software they are installing actually does, and if the programmers who write the software properly tested for these vulnerabilities when creating an application.