Cross Site Scripting and how to remediate
When input isn’t properly validated and output isn’t properly encoded, Cross Site Scripting (XSS) is possible. This is when an attacker is able to get a script of their choosing executed in the victim’s browser in the context of the vulnerable site. To prove that a page is vulnerable to XSS I usually just do an alert pop up stating “XSS found by Matt”. A black hat hacker can use this vulnerability to steal the user’s credentials, mount phishing attacks, or mount man-in-the-middle attacks. To remediate this vulnerability, validate all input with a whitelist scheme that accepts only known good values, and encode all output for the context it is written into, so that any script characters that do get through are rendered as text rather than run.
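The two remediations above, whitelist validation and output encoding, side by side with the vulnerable pattern they replace. This is an added example, not code from the original post; the function names (`validateUsername`, `encodeHtml`, `renderGreetingUnsafe`, `renderGreetingSafe`, `renderProfileSafe`) and the username rules are assumptions for the sake of illustration, and the probe string is the alert described in the post.

```javascript
// Added example (not from the original post): whitelist input validation plus
// HTML output encoding, the two remediations the post recommends.
// All names here (validateUsername, encodeHtml, renderGreeting*) are assumed.

// Whitelist: a username is only allowed to contain these characters, at this length.
// Anything else is rejected outright rather than "cleaned up".
const USERNAME_PATTERN = /^[A-Za-z0-9_]{1,32}$/;

function validateUsername(input) {
  if (typeof input !== "string" || !USERNAME_PATTERN.test(input)) {
    throw new Error("invalid username");
  }
  return input;
}

// Encode the five characters that are significant in an HTML text or
// quoted-attribute context, so user data is rendered as text, not markup.
function encodeHtml(str) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return String(str).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: raw input is concatenated straight into the page markup.
function renderGreetingUnsafe(name) {
  return `<p>Hello, ${name}!</p>`;
}

// Hardened: same markup, but the value is encoded for the HTML context.
function renderGreetingSafe(name) {
  return `<p>Hello, ${encodeHtml(name)}!</p>`;
}

// Hardened profile page: the username is whitelist-validated on input AND encoded
// on output; the free-form bio cannot be whitelisted, so it relies on encoding alone.
function renderProfileSafe(username, bio) {
  const user = validateUsername(username);
  return `<p>Hello, ${encodeHtml(user)}!</p><p>${encodeHtml(bio)}</p>`;
}

// Constructed sample input: the probe string the post describes.
const PROBE = '<script>alert("XSS found by Matt")</script>';

// Stand-alone demonstration of the difference.
console.log("unsafe:", renderGreetingUnsafe(PROBE));
console.log("safe:  ", renderGreetingSafe(PROBE));
```

Note that validation and encoding are complementary, not alternatives: the whitelist rejects the probe string before it is ever stored, and the encoder protects the fields (like a bio) that cannot be reduced to a fixed character set.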
Matt Parsons, CISSP, MSM, CWASE
mparsons@parsonsisconsulting.com