
Parsons Software Security Consulting Blog

Cross Site Scripting and how to remediate


Cross-Site Scripting (XSS) becomes possible when untrusted input is echoed back into a page without proper validation and output encoding. The browser then treats the attacker's input as part of the page and executes whatever script it contains, with the privileges of the site and of the logged-in user. To prove that a page is vulnerable to XSS I usually just trigger an alert pop-up stating "XSS found by Matt". A black-hat attacker can use the same vulnerability to steal the user's session cookies or credentials, inject fake login forms to mount phishing attacks, or perform actions in the application on the victim's behalf. To remediate this vulnerability, validate all input against a white list (accept only known-good characters and lengths and reject everything else) and encode all output for the context it lands in (HTML body, attribute, JavaScript, or URL) so the browser renders the data as text instead of running it as script. Encoding is the control that actually stops the script; validation narrows the attack surface but is not sufficient on its own, because legitimate data such as a name containing an apostrophe must still be output safely.
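As an added example (not code from the original post), here is a Node.js sketch of a reflected XSS sink next to its remediation: a search page that echoes the query parameter back into the HTML. The page layout, the parameter name `q`, the allow-list pattern and the attacker payload are assumptions made for illustration.

```javascript
// Added example, not from the original post: a reflected-XSS sink and its fix.
// Scenario (assumed): a search page echoes the "q" parameter into the HTML body
// and into a quoted input attribute.

// Constructed attacker input: breaks out of the attribute and injects a script.
const PAYLOAD = '"><script>alert("XSS found by Matt")</script>';

// VULNERABLE: raw interpolation of untrusted input into HTML.
function renderSearchVulnerable(q) {
  return `<p>Results for: ${q}</p>\n<input name="q" value="${q}">`;
}

// Output encoding for the HTML body and quoted-attribute contexts.
// Every character that can change HTML structure becomes an entity, so the
// browser displays it as text instead of parsing it as markup.
function encodeHtml(s) {
  const map = {
    '&': '&amp;', '<': '&lt;', '>': '&gt;',
    '"': '&quot;', "'": '&#x27;', '/': '&#x2F;'
  };
  return String(s).replace(/[&<>"'\/]/g, c => map[c]);
}

// White-list validation: accept only what a search term legitimately needs
// (letters, digits, space and a little punctuation, 1-100 chars). This is
// defence in depth; output encoding is still required for whatever passes.
const SEARCH_TERM = /^[\p{L}\p{N} .,'-]{1,100}$/u;
function validateSearchTerm(q) {
  return SEARCH_TERM.test(q);
}

// HARDENED: validate on input, encode on output.
function renderSearchHardened(q) {
  if (!validateSearchTerm(q)) {
    return '<p>Invalid search term.</p>';
  }
  const safe = encodeHtml(q);
  return `<p>Results for: ${safe}</p>\n<input name="q" value="${safe}">`;
}

// Simple check used below: does the rendered HTML contain a live <script> element?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Demo: the vulnerable page carries the attacker's script, the hardened one does not.
console.log('vulnerable:\n' + renderSearchVulnerable(PAYLOAD));
console.log('hardened:\n' + renderSearchHardened(PAYLOAD));
console.log("hardened, legitimate apostrophe:\n" + renderSearchHardened("O'Brien"));
console.log('encoded payload: ' + encodeHtml(PAYLOAD));
```

Note that the white list alone rejects this particular payload because of the `<`, `>` and `(` characters, but `encodeHtml` is what guarantees a term like `O'Brien` is rendered safely; the attribute sink is only safe because the value is both encoded and enclosed in quotes.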

Matt Parsons, CISSP, MSM, CWASE

mparsons@parsonsisconsulting.com


Written by mparsons1980

June 25, 2013 at 2:27 pm
