
Do you know the XSS attack?

Cross-site scripting, or XSS, is by far the most common attack on the Web. It goes by many names, including "guestbook flaw", simply because guestbooks made these vulnerabilities widespread. An XSS vulnerability is characterized by the possible injection of HTML or JavaScript code through poorly protected variables. The attacker can alter any aspect of the site or inject scripts into what the victim then sees on screen. There are two types of XSS attacks.

Non-persistent XSS

Non-persistent XSS results from using data supplied by the user in a script without modifying it. Typically this is an online simulation or a statistics page. Since the data is not altered, the attacker can add a script to the page's script, which then executes it. This is the simplest attack. It is not saved in a file or in a database: it is ephemeral.
By modifying the data to be processed, the XSS only changes the page that the user displays. This may seem mild, but it is much less so when the attacker combines it with social engineering and distributes pages trapped in this way. These vulnerabilities are often used to launch spam campaigns, to tarnish the image of a site (redirects, changes of appearance) or to steal information.

Persistent XSS

Persistent XSS allows the flaw to be exploited further. It is the flaw found in forums, registration forms and guestbooks. Entered data is stored in a database and returned when a user requests it. This vulnerability may allow client-side or server-side execution and can enable any kind of exploitation, from recovering cookies to executing malicious scripts. The principle is that the malicious script is saved in the site's data. It is displayed each time the site is opened and may be visible to all users. More dangerous still, this vulnerability allows an attacker to retrieve user data from the cookies of many sites, for example.

The most suitable solution against this flaw is to use htmlspecialchars and to trust our PHP development company!
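As an added illustration (example code written for this page, not taken from the original post), here is a small guestbook-style page in its vulnerable form next to the hardened form that uses htmlspecialchars(); the variable names, functions and sample inputs are constructed for the example.

```php
<?php
// Added example: reflected (non-persistent) and stored (persistent) output,
// first without encoding and then with htmlspecialchars().

// Constructed sample inputs standing in for $_GET['name'] and a message
// read back from the database.
$untrustedName    = '<script>alert(1)</script>';
$untrustedMessage = '" onmouseover="alert(1)';

// VULNERABLE: raw user data is concatenated straight into the HTML.
function renderGreetingVulnerable(string $name): string
{
    return '<p>Hello ' . $name . '</p>';
}

// HARDENED: encode for the HTML context right before output.
// Flags are given explicitly so behaviour does not depend on the PHP
// version's defaults: ENT_QUOTES also encodes single quotes (needed inside
// attribute values); ENT_SUBSTITUTE replaces invalid UTF-8 instead of
// returning an empty string, which would silently drop the content.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderGreetingSafe(string $name): string
{
    return '<p>Hello ' . e($name) . '</p>';
}

// Persistent case: a stored message re-displayed inside an attribute value.
// The same helper works here because the quotes are encoded, so the value
// cannot break out of the attribute.
function renderMessageSafe(string $message): string
{
    return '<input type="text" value="' . e($message) . '">';
}

// Note: htmlspecialchars() is correct for HTML text and attribute contexts.
// Data placed inside a <script> block or a URL needs encoding for that
// context instead.
echo renderGreetingVulnerable($untrustedName), PHP_EOL; // script tag reaches the browser
echo renderGreetingSafe($untrustedName), PHP_EOL;       // shown as literal text, not executed
echo renderMessageSafe($untrustedMessage), PHP_EOL;     // stays inside the attribute value
```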
