Posted on - 12/06/2014
What is the threat posed by Cross Site Scripting to my website? What are the types of XSS? What is a persistent XSS attack? How is it carried out on a website? How is a non-persistent XSS attack carried out? What are the common ways to protect a website from XSS?
Is XSS a real risk to my website?
Cross-Site Scripting or XSS is a kind of security vulnerability in a computer that is normally found in web applications. Cross-Site Scripting is an attack. It is a type of injection where malicious scripts are injected into trusted websites. This kind of attack happens when an attacker utilizes a web application to transmit malicious code.
The code is usually in the form of a browser-side script that will direct to a different end user. These flaws that allow XSS attacks to be successful are widespread and happen anywhere a web application utilizes input from a user within the output it generates lacking validation. XSS attacks can be classified into 2 categories: stored and reflected.
But there is actually a third category, a less popular type of XSS attack called DOM Based XSS. If you wish to know more about this, visit DOM Based XSS. Stored XSS attacks are those attacks where the injected script is stored on the target servers permanently. Examples are in a database, visitor log, a message forum, comment field, and others.
This type of attack is sometimes called Type-I XSS or Persistent. The reflected XSS attacks are those attacks where the injected script is reflected off the web server, like in the form of an error message, search result, or any other response that contains part or all of the input sent to the server as part of the request.
To know more about Cross-Site Scripting attacks, please visit XSS Attacks and Different Types.
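The reflected (search result) and stored (comment field) cases described above, shown with and without output encoding. This is an added example, not part of the original answer; the function names and sample inputs are constructed for illustration.

```javascript
// Added example: constructed render functions, not code from the original post.
// HTML-encode the five characters that can change how the browser parses HTML.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Reflected case: the search term from the request is echoed into the response.
function renderSearchUnsafe(term) {
  return `<p>No results for ${term}</p>`; // user input becomes markup
}
function renderSearchSafe(term) {
  return `<p>No results for ${escapeHtml(term)}</p>`; // user input stays text
}

// Stored case: comments saved earlier (e.g. in a database) are rendered for
// every visitor. Encoding at output time also covers entries stored before
// the fix was deployed.
function renderCommentsSafe(comments) {
  const items = comments.map(
    (c) => `<li><b>${escapeHtml(c.author)}</b>: ${escapeHtml(c.body)}</li>`
  );
  return `<ul>${items.join("")}</ul>`;
}

// Constructed sample input.
const sampleTerm = "<script>alert(1)</script>";
const sampleComments = [
  { author: "alice", body: "Nice post & thanks" },
  { author: "mallory", body: '<img src=x onerror="alert(1)">' },
];

console.log(renderSearchUnsafe(sampleTerm)); // script tag reaches the page intact
console.log(renderSearchSafe(sampleTerm));   // script tag is displayed as text
console.log(renderCommentsSafe(sampleComments));
```

This encoding is correct for values placed in HTML element content; values placed inside attributes, URLs, or inline scripts need encoding specific to that context.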