
Do you know about the XSS attack?

Cross-site scripting, or XSS, is the most common attack on the Web, and by a wide margin. It goes by many names, including the "guestbook flaw", simply because guestbooks helped these vulnerabilities become widespread. An XSS vulnerability is characterized by the possibility of injecting HTML or JavaScript code into poorly protected variables. The attacker is then able to change any aspect of the site or to inject scripts into what the victim goes on to see on screen. There are two types of XSS attacks.

The non-persistent XSS

Non-persistent XSS results from a script using data provided by the user without modifying it. Typical cases are an online simulation or a statistics page. If this data is not modified, script can be added to it, and that script will itself be executed. This is the simplest attack. It is not saved in a file or in a database: it is ephemeral.
By modifying the data to be processed, the XSS only changes the page that the user sees. This may seem mild, but it is much less so when the attacker uses social engineering and circulates pages trapped in this way. This kind of vulnerability is often used to launch spam campaigns, to tarnish the image of a site (redirects, appearance modifications) or to steal information.

The persistent XSS

Persistent XSS allows exploitation to go further. This is the flaw found in forums, registration forms and guestbooks. The data entered is stored in a database and returned when a user requests it. This vulnerability may allow client-side or server-side execution and can enable any kind of exploitation, from the recovery of cookies to the execution of malicious scripts. The principle is that the malicious script is saved in the site's data. It is displayed each time the site is opened and may be visible to all users. More dangerously, this vulnerability allows an attacker to retrieve user data held in the cookies of many sites, for example.

The most suitable solution against this flaw is to use htmlspecialchars and to trust our PHP development company!
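As an added example (not code from the original post), here is a guestbook entry rendered first without escaping and then with htmlspecialchars applied at output time. The helper names `e`, `render_unsafe` and `render_safe` and the sample rows are assumptions made up for this illustration.

```php
<?php
declare(strict_types=1);

// Constructed guestbook rows, standing in for what the database returns.
$entries = [
    ['author' => 'Alice', 'message' => 'Nice site!'],
    ['author'  => 'Mallory" onmouseover="alert(1)',
     'message' => '<script>alert(document.cookie)</script>'],
];

// Escape a value for HTML text or a quoted attribute value.
// ENT_QUOTES also encodes single quotes; ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of returning an empty string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable: stored data is concatenated into the page unchanged, so the
// browser parses it as markup for every visitor who opens the guestbook.
function render_unsafe(array $entry): string
{
    return '<li title="' . $entry['author'] . '">' . $entry['message'] . '</li>';
}

// Hardened: every stored value is escaped at the moment it is written out.
function render_safe(array $entry): string
{
    return '<li title="' . e($entry['author']) . '">' . e($entry['message']) . '</li>';
}

foreach ($entries as $entry) {
    echo 'unsafe: ', render_unsafe($entry), PHP_EOL;
    echo 'safe:   ', render_safe($entry), PHP_EOL;
}

// Check: the hardened output carries no raw tag and no attribute break-out.
$safe = render_safe($entries[1]);
if (strpos($safe, '<script') !== false || strpos($safe, '" onmouseover') !== false) {
    throw new RuntimeException('stored value reached the page unescaped');
}
```

htmlspecialchars covers HTML text and quoted attribute values only. A stored value placed in a URL attribute such as `href` or inside a `<script>` block needs validation or encoding specific to that context.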
