Web development

Do you know the XSS attack?

Cross-site scripting, or XSS, is by far the most common attack on the Web. It goes by many names, including the "guestbook flaw", simply because guestbooks allowed these vulnerabilities to spread widely. An XSS vulnerability is characterised by the possibility of injecting HTML or JavaScript code through poorly protected variables. The attacker can then change any aspect of the site or inject scripts into what the victim subsequently sees on screen. There are two types of XSS attack.

Non-persistent XSS

Non-persistent XSS results from using data supplied by the user in a script without modifying it. Typically, an online simulator or a statistics page. If this data is not sanitised, the attacker can add a script of their own to the script that will be executed. This is the simplest attack. It is not saved in a file or in a database: it is ephemeral.
By modifying the data to be processed, the XSS only changes the page that the user displays. This may seem mild, but it is much less so when the attacker uses social engineering and distributes pages trapped in this way. This kind of vulnerability is often used to launch spam campaigns, to tarnish the image of a site (redirects, appearance changes) or to steal information.

Persistent XSS

Persistent XSS allows far more extensive exploitation. This is the flaw found in forums, registration forms and guestbooks. The entered data is stored in a database and returned when a user requests it. This vulnerability may allow client-side or server-side execution and can enable any kind of exploitation, from cookie theft to the execution of malicious scripts. The principle is that the malicious script is saved in the site's data. It is displayed each time the site is opened and may be visible to all users. More dangerously, this vulnerability lets an attacker retrieve users' data from the cookies of many sites, for example.

The most suitable defence against this flaw is to use htmlspecialchars, and to trust our PHP development company!
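To make that fix concrete, here is an added example (not code from the original post) in PHP: a search page that reflects a query parameter, first unescaped and then escaped with htmlspecialchars at the point of output. The parameter name `q`, the page layout and the sample value are assumptions.

```php
<?php
// Added example (not from the original post): a search page that reflects
// user input, shown in its vulnerable form and in a hardened form.
// The GET parameter name "q" is an assumption for this example.
declare(strict_types=1);

// Vulnerable: the raw value is echoed straight into the page, so a "<script>"
// tag or a quote that closes the attribute is rendered as markup.
function render_results_vulnerable(string $q): string
{
    return "<h1>Results for: {$q}</h1>\n"
         . "<input type=\"text\" name=\"q\" value=\"{$q}\">\n";
}

// Hardened: every untrusted value is escaped when it is written into HTML.
// ENT_QUOTES escapes both ' and " so the value is also safe inside an
// attribute; the explicit charset avoids multibyte ambiguities.
// Escape at output, not at storage: for persistent XSS the stored text stays
// raw and is escaped each time it is rendered.
function esc(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function render_results_safe(string $q): string
{
    $safe = esc($q);
    return "<h1>Results for: {$safe}</h1>\n"
         . "<input type=\"text\" name=\"q\" value=\"{$safe}\">\n";
}

// Constructed input containing the characters that matter: quotes, angle
// brackets and an ampersand. With the vulnerable renderer the quote closes
// the value attribute; with the safe one it becomes &quot;.
$q = $_GET['q'] ?? '"><b>bold</b>&\'';

header('Content-Type: text/html; charset=UTF-8');
// Swap in render_results_vulnerable($q) to see the attribute being broken out of.
echo render_results_safe($q);
```

htmlspecialchars only covers the HTML body and attribute contexts; a value placed inside a `<script>` block or a URL needs the escaping rules of that context instead.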
