parsonsisconsulting

Parsons Software Security Consulting Blog

Posts Tagged ‘XSS’

Cross Site Scripting and how to remediate


Cross-Site Scripting (XSS) is possible when input isn’t properly validated and encoded. It allows an attacker to execute a dynamic script in the affected page. To prove that a page is vulnerable to XSS, I usually just trigger an alert pop-up stating “XSS found by Matt”. A black hat hacker can use this vulnerability to steal the user’s credentials or to mount phishing or man-in-the-middle attacks. To remediate this vulnerability, validate all input against a whitelist that accepts only known-good input, and encode all output to prevent the script from running.

Matt Parsons, CISSP, MSM, CWASE

mparsons@parsonsisconsulting.com


Written by mparsons1980

June 25, 2013 at 2:27 pm
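The remediation described in the post above (whitelist validation plus output encoding), as an added example that is not part of the original post. The "display name" field, its allowed character set, and all function names are assumptions made for illustration.

```javascript
// Added example (not from the original post): whitelist validation and
// HTML output encoding for a hypothetical "display name" field.

// Whitelist: accept only known-good input (letters, digits, space, . _ -), 1-32 chars.
const DISPLAY_NAME = /^[A-Za-z0-9 ._-]{1,32}$/;

function validateDisplayName(input) {
  return typeof input === 'string' && DISPLAY_NAME.test(input);
}

// Encode the characters that are significant in HTML text and quoted attributes.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

function encodeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Before: input is concatenated into the markup as-is, so any script in it runs.
function renderGreetingUnsafe(name) {
  return '<p>Hello, ' + name + '</p>';
}

// After: reject input that fails the whitelist, and still encode on output
// so the page stays safe if the validation rule is ever loosened.
function renderGreetingSafe(name) {
  if (!validateDisplayName(name)) {
    return '<p>Invalid name</p>';
  }
  return '<p>Hello, ' + encodeHtml(name) + '</p>';
}

// Free-text fields cannot be whitelisted as tightly, so output encoding
// has to neutralise markup on its own.
function renderComment(text) {
  return '<div class="comment">' + encodeHtml(text) + '</div>';
}

// Constructed sample input: the alert proof mentioned in the post.
const probe = '<script>alert("XSS found by Matt")</script>';
console.log(renderGreetingUnsafe(probe)); // script tag reaches the page intact
console.log(renderGreetingSafe(probe));   // rejected by the whitelist
console.log(renderComment(probe));        // rendered as inert text
```

This encoder covers HTML body text and quoted attribute values only; values placed into JavaScript, CSS or URL contexts need the encoding specific to that context.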