Cross-site scripting (XSS) allows an attacker to execute a dynamic script (JavaScript, VBScript) in the context of the application. This allows hijacking the user's current session or changing the look of the page by altering its HTML. It happens because input entered by a user has been interpreted as HTML/JavaScript/VBScript by the browser.
Cross-site scripting targets the users of the application instead of the server. Many different attacks can be mounted through it, such as: hijacking the user's active session; mounting phishing attacks; intercepting data and performing man-in-the-middle attacks.
To avoid this, output should be encoded according to the output location and context. You should also implement a strong Content Security Policy (CSP) as a defense-in-depth measure in case an XSS vulnerability is mistakenly introduced.
CSP will act as a safeguard that can prevent an attacker from successfully exploiting Cross-site Scripting vulnerabilities.
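As an added example (not code from the original post), the following shows what "encode according to the output location and context" means in practice: three encoders for the HTML body, a quoted HTML attribute, and a quoted JavaScript string, plus a CSP header value as the second layer. The function names, the CSP value and the sample input are assumptions made for this illustration.

```javascript
// Added example: context-aware output encoding plus a strict CSP header.
// Names, CSP value and sample input are constructed for this illustration.

// HTML body / element content: escape the characters that can turn
// text into markup.
function encodeForHtml(input) {
  return String(input)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#x27;");
}

// Quoted HTML attribute value: encode every non-alphanumeric character
// so the value can neither close the quote nor add new attributes.
function encodeForHtmlAttribute(input) {
  return String(input).replace(/[^A-Za-z0-9]/g, (ch) => {
    return "&#x" + ch.charCodeAt(0).toString(16).toUpperCase() + ";";
  });
}

// Inside a quoted JavaScript string literal: \xHH / \uHHHH encode
// non-alphanumerics so the value cannot end the string or the script.
function encodeForJsString(input) {
  return String(input).replace(/[^A-Za-z0-9]/g, (ch) => {
    const code = ch.charCodeAt(0);
    return code < 256
      ? "\\x" + code.toString(16).padStart(2, "0")
      : "\\u" + code.toString(16).padStart(4, "0");
  });
}

// Defense in depth: no inline scripts, scripts only from our own origin,
// so a missed encoding is much harder to turn into script execution.
const CONTENT_SECURITY_POLICY =
  "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'";

// Same untrusted value rendered into three different output contexts.
function renderGreeting(untrustedName) {
  return `<p>Hello, ${encodeForHtml(untrustedName)}</p>` +
    `<input value="${encodeForHtmlAttribute(untrustedName)}">` +
    `<script>var n = "${encodeForJsString(untrustedName)}";</script>`;
}

// Constructed sample input: the classic probe string.
const SAMPLE_INPUT = "<script>alert(1)</script>";
const SAMPLE_OUTPUT = renderGreeting(SAMPLE_INPUT);
```

Send CONTENT_SECURITY_POLICY as the `Content-Security-Policy` response header; the encoders handle the first line of defense, the header the second.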