Web development

Do you know the XSS attack?

Cross-site scripting, or XSS, is by far the most widespread attack on the Web. It goes by many names, including the "guestbook flaw", simply because guestbooks allowed these vulnerabilities to become widespread. The XSS vulnerability is characterized by the possibility of injecting HTML or JavaScript code into poorly protected variables. The attacker is then able to change any aspect of the site or to inject scripts into what the victim goes on to see on screen. There are two types of XSS attacks.

The non-persistent XSS

The non-persistent XSS results from the use of data provided by the user in any script, without modifying it. Typical examples are an online simulation or a statistics page. If this data is not modified, a script can be added to it, and that script will itself be executed. This is the simplest attack. It is not saved in a file or in a database: it is ephemeral.
Because only the data to be processed is modified, the XSS changes only the page that the user sees. This may seem mild, but it is much less so when the attacker uses social engineering and distributes pages trapped in this way. This kind of vulnerability is often used to launch spam campaigns, tarnish the image of a site (redirects, changes of appearance) or steal information.

The persistent XSS

The persistent XSS allows more extensive exploitation. This is the flaw found in forums, registration forms and guestbooks. Entered data is stored in a database and returned when a user requests it. This vulnerability may allow client-side or server-side execution and can enable any kind of exploitation, from the recovery of cookies to the execution of malicious scripts. The principle is that the malicious script is saved in the site's data. It will be displayed each time the site is opened and may be visible to all users. More dangerous still, this vulnerability allows an attacker to retrieve users' data from the cookies of many sites, for example.

The most suitable solution against this flaw is to use htmlspecialchars and to trust our PHP development company!
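
The htmlspecialchars recommendation above, as an added example that is not part of the original article: a guestbook entry (persistent case) and a reflected search term (non-persistent case) rendered without and with output encoding. The helper names `e`, `renderUnsafe` and `renderSafe` and the sample entries are assumptions constructed for this illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data: what a guestbook table might hold after
// visitors submitted these entries (persistent case).
$entries = [
    ['author' => 'Alice', 'message' => 'Nice site!'],
    ['author' => 'Bob" onmouseover="alert(1)', 'message' => '<script>alert(1)</script>'],
];

// Hypothetical helper: encode a value for HTML text or a quoted attribute.
function e(string $value): string
{
    // ENT_QUOTES also encodes ' and ", which matters inside attributes;
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning ''.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable rendering: stored data is echoed into the page unchanged.
function renderUnsafe(array $entry): string
{
    return '<li title="' . $entry['author'] . '">' . $entry['message'] . '</li>';
}

// Hardened rendering: every stored value is encoded at output time.
function renderSafe(array $entry): string
{
    return '<li title="' . e($entry['author']) . '">' . e($entry['message']) . '</li>';
}

// Non-persistent case: a request parameter reflected in the response.
// $query stands in for $_GET['q'] so the script runs from the CLI.
$query = '<script>alert(1)</script>';
$reflected = '<p>Results for: ' . e($query) . '</p>';

foreach ($entries as $entry) {
    echo "unsafe: ", renderUnsafe($entry), PHP_EOL;
    echo "safe:   ", renderSafe($entry), PHP_EOL;
}
echo $reflected, PHP_EOL;
```

htmlspecialchars protects values placed in HTML text and quoted attributes. Values written into a script block, an unquoted attribute or a URL need encoding or validation specific to that context.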
