CopyPastehas never been so tasty!

What is the Cross site scripting?

by alandavid

  • 0
  • 0
  • 0

Now days web application consist of on complex web application to deliver different output or content. And web site used the complex data for wide variety of users according to set preferences and specific needs. Web application with the ability to provide useful information to their customers. Web applications are available 24 hour for users.  Now day’s web application apically dynamic websites suffer from serious hacker attacks and organization helpless and prone to cross site scripting attacks on their data.

Cross scripting allows the attackers to embed malicious code like HTML, JavaScript, VBScript and flash into dynamic page to fool the user.  When this malicious code added in script and when code executing the malicious code on machine in order to gather the data. Mostly this data contain on hyper link of malicious code content which is distributed over any possible means on internet.

Cross scripting is one of the most common hacker strategy and they attacks on web application through cross scripting. Cross scripting embedded in page and it run on client side rather than on user side. Cross scripting itself is a threat which is bought about by the internet security weaknesses of client side scripting language.

For example cross scripting is when a malicious user injects a script in a shopping site URL which in turn redirects to a user to a fake but identical page. When malicious code added to user side when script it run then it capture the cookies of the user browsing the shopping site and then cookies sent to hacker. Cross site scripting has still exploited a scripting weakness in the page to snare to the malicious user now hack the legitimate user’s session. Malicious URL trick is often used. URLs are less obvious is to have the XSS part of the URL encoded in HEX. This will look harmless to the user who recognizes the URL he is familiar with and simply disregard and follow the trick code which would be encoded and therefore inconspicuous.

The hackers can formulate and distribute a custom crafted CSS URL just by using a browser to test the dynamic website response. And it is important that hacker must to know some HTML and JavaScript and a dynamic language to produce a URL which is not too suspicious looking. Any dynamic web pages which pass the parameters to database can be easily hack.

ISO 27001 UK is internationally recognized information security standard as a way of demonstrating their security credential to their clients.   ISO certification is good news for any size of business in any sector. ISO standard is help full in web application security.

Add A Comment: