Sin 7: Cross-Site Scripting

Overview of the Sin

Cross-site scripting (XSS) bugs are a form of security defect unique to web-based applications that allow user data tied to the vulnerable web server's domain, usually held in cookies, to be disclosed to a malicious third party. Hence the term cross-site: the cookie is transferred from a client computer accessing a valid, but vulnerable, web-server site to a site of the attacker's choosing. At least, this is the most common type of attack using XSS. There is another kind of XSS attack that is somewhat like a web-site defacement attack, which is covered later in this chapter.

Note: XSS bugs are often referred to as CSS bugs, but people tend to refer to cross-site scripting as XSS, because CSS usually refers to cascading style sheets.
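
The overview above says data tied to the vulnerable server's domain gets disclosed; the example below, which is added here and is not from the book, shows the underlying defect and a check for it. The page template, function names and sample input are all constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Constructed template: the only elements it defines are html, body and p.
PAGE = "<html><body><p>Hello, {name}!</p></body></html>"
EXPECTED_TAGS = ["html", "body", "p"]

def render_vulnerable(name: str) -> str:
    # Echoes the request parameter verbatim. Markup in it becomes part of the
    # page and runs in this site's origin, with access to the site's cookies.
    return PAGE.format(name=name)

def render_encoded(name: str) -> str:
    # HTML-encodes the parameter so the browser treats it as text, not markup.
    return PAGE.format(name=escape(name, quote=True))

class TagCollector(HTMLParser):
    """Records every start tag an HTML parser sees in the rendered page."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def tags_in(page: str) -> list:
    collector = TagCollector()
    collector.feed(page)
    collector.close()
    return collector.tags

def input_changed_structure(page: str) -> bool:
    # True when the page holds elements the template never defined,
    # meaning request data was interpreted as markup.
    return tags_in(page) != EXPECTED_TAGS

# Constructed, inert input standing in for untrusted request data.
SAMPLE = "<script>/* would run in the site's origin */</script>"

if __name__ == "__main__":
    for render in (render_vulnerable, render_encoded):
        page = render(SAMPLE)
        print(render.__name__, tags_in(page), input_changed_structure(page))
```

The structural check can be run as a regression test over every page that echoes request data.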



19 Deadly Sins of Software Security. Programming Flaws and How to Fix Them
Writing Secure Code
ISBN: 71626751
EAN: 2147483647
Year: 2003
Pages: 239
