Topic: E-Business Security

Activity: 4 comments, 276 views, last activity: 07 06 2010 20:18:04 +0000

Cross Site Scripting - XSS - A potential threat for you
Websites are changing all over, and more and more dynamic content is appearing. With the advent of e-commerce the web has grown into a lucrative business space, and more websites are offering services or goods. These offers are enough to lure hackers and crackers, and they are exploring every option to break your security and steal what you offer. XSS, or cross site scripting, is one of the weapons they use most.
What is Cross Site Scripting, or XSS? Your website has many input fields that you use to collect information from users. If anybody can put JavaScript into one of those inputs and your site later prints it back into a page without encoding it, the script is stored at your end but runs in the browser of every visitor who views that page, where it can collect their data. Say you run a forum where users may post JavaScript and HTML: if a user posts a malicious script, it runs for every other user who opens the thread and can steal their session data. The script does not even need a rich-text field; it can be embedded in ordinary user input, such as the address field of your registration form, and it fires wherever that value is displayed (a profile page, an admin listing).
What are the threats? An XSS attack can cause anything from minor to severe damage to your website. It can hijack the login session of another user (the session cookie is readable by script unless it is marked HttpOnly), change user or administrator settings by submitting requests in the victim's name, poison cookies, or place unwanted advertisements and phishing content on your pages.
How are scripts injected? There are several ways. One is through any input form: a registration form, an article posting form, a comment box. Another is through the URL, where the path information is injected. Path injection becomes exploitable when the page prints the current script path into the document, for example echoing $_SERVER['PHP_SELF'] into a form's action attribute; an attacker then sends a victim a crafted link and the script runs as soon as the page is rendered (reflected XSS). If the injection is through a form, the script is stored in the database, and every time the page is requested the script becomes active again (stored XSS).
Prevention: It is always better to convert all database content to HTML entities before sending it to the browser; in PHP that means htmlspecialchars() with ENT_QUOTES (so that single quotes are covered as well), applied at output time in every place the value is printed, including attribute values. Creating a filter for user input (an allow-list of the characters a field may legitimately contain) works as well, but as a second layer: validation on the way in does not replace encoding on the way out, because the same value may end up in a context the filter did not anticipate.