Tech Insight: XSS Exposed

Pervasive Web application vulnerability is often misunderstood -- with dangerous consequences
By John Sawyer DarkReading - A Special Analysis for Dark Reading

SQL injection has been getting most of the attention lately, but the average SQL injection attack isn't nearly as sophisticated and difficult to pull off as a well-crafted cross-site scripting (XSS) attack:

XSS affects all victims of a vulnerable Website, stealing their credentials, exploiting their Web browsers, and taking action on behalf of them without their knowledge.



XSS has been the reigning champion of Web application vulnerabilities in the sheer number of applications that house this vulnerability. Like SQL injection, XSS is a flaw caused by a lack of validation of user input. But instead of attacking the Web application or database server directly, the XSS attack hits the Web app's victims and executes malicious code in the victims' Web browsers.



Continue Dark Reading













Reblog this post [with Zemanta]

Posted by John B. Frank Tuesday, September 8, 2009

0 comments

Payments Industry News Blog

Search the PIN Debit Blog by Subject

Kapersky Calls for Mass Adoption of Card Readers

Kapersky Calls for Mass Adoption of Card Readers