Cross Site Scripting ?
Hello Steem Fam!
Today Let's talk about another Topic
Cross Site Scripting!(XSS)
What is Cross Site Scripting (XSS)
- Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pagesviewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls
Types of Cross Site Scripting
Non Reflected
Reflected
How to Prevent XXS?
- Escape
- The first method you can and should use to prevent XSS vulnerabilities from appearing in your applications is by escaping user input. Escaping data means taking the data an application has received and ensuring it’s secure before rendering it for the end user. By escaping user input, key characters in the data received by a web page will be prevented from being interpreted in any malicious way. In essence, you’re censoring the data your web page receives in a way that will disallow the characters – especially < and > characters – from being rendered, which otherwise could cause harm to the application and/or users.
- Validating Input
- Validating input is the process of ensuring an application is rendering the correct data and preventing malicious data from doing harm to the site, database, and users. While whitelisting and input validation are more commonly associated with SQL injection, they can also be used as an additional method of prevention for XSS. Whereas blacklisting, or disallowing certain, predetermined characters in user input, disallows only known bad characters, whitelisting only allows known good characters and is a better method for preventing XSS attacks as well as others.
- Sanitizing
- A third way to prevent cross-site scripting attacks is to sanitize user input. Sanitizing data is a strong defense, but should not be used alone to battle XSS attacks. It’s totally possible you’ll find the need to use all three methods of prevention in working towards a more secure application. Sanitizing user input is especially helpful on sites that allow HTML markup, to ensure data received can do no harm to users as well as your database by scrubbing the data clean of potentially harmful markup, changing unacceptable user input to an acceptable format.
Cross site scripting can lead to various types of problems including privacy of users and is one of the most used attacks by hackers....
Be safe !
Follow
Join and Get your Sweet now cuz they are so SWEEEEET!!
Thanks And don't forget to Upvote Resteem Follow and Join For more
Source