Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Standard view
Full view
of .
Save to My Library
Look up keyword
Like this
0 of .
Results for:
No results containing your search query
P. 1


Ratings: (0)|Views: 442 |Likes:
Published by ishan_alok
Report on XSS Attack
Report on XSS Attack

More info:

Published by: ishan_alok on Oct 08, 2011
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less





XSS Attack Page 1
XSS Attack 
XSS Attack Page 2
Cross-Site Scripting (XSS) attacks are a type of injection problem, in which maliciousscripts are injected into the otherwise benign and trusted web sites. Cross-site scripting (XSS)attacks occur when an attacker uses a web application to send malicious code, generally inthe form of a browser side script, to a different end user. Flaws that allow these attacks tosucceed are quite widespread and occur anywhere a web application uses input from a user inthe output it generates without validating or encoding it.An attacker can use XSS to send a malicious script to an unsuspecting user. The
end user‘s browser has no way to know that the script should not be trusted, and will execute
the script. Because it thinks the script came from a trusted source, the malicious script canaccess any cookies, session tokens, or other sensitive information retained by your browserand used with that site. These scripts can even rewrite the content of the HTML page.An exploited cross-site scripting vulnerability can be used by attackers to bypassaccess controls such as the same origin policy. Recently, vulnerabilities of this kind have beenexploited to craft powerful phishing attacks and browser exploits. Cross-site scripting wasoriginally referred to as CSS, although this usage has been largely discontinued.
XSS allows attackers to execute script in the victim‘s browser which can hijack user 
sessions, deface web sites, or redirect the user to malicious sites.
XSS Attack Page 3
---------------------------------------------------------------------------------------------------------- ---3CHAPTER 1- INTRODUCTION1.1 Background--------------- --------------------------------------------------------------------------------61.2 Theory of XSS ---------------------------------------------------------------------------------------------8CHAPTER 2 - Types2.1 Persistent---------------------------------------------------------------------------------------------------112.2 Non Persistent------------------------------------------------------------------------------------------- -122.3 DOM Based------------------------------------------------------------------------------------------------132.4 Real World Examples------------------------------------------------------------------------------------14CHAPTER 3 - Mitigation and Prevention3.1 Contextual Output Encoding ---------------------------------------------------------------------------153.2 Safely Validating Untrusted HTML Input ------------------------------------------------------------153.3 Cookie Security --------------------------------------------------------------------------------------------163.4 Disabling Scripts--------------------------------------------------------------------------------------------16CHAPTER 4 - Automated Tools--------------------------------------------------------------------------------------17CONCLUSION-----------------------------------------------------------------------------------------------------------19REFERENCES------------------------------------------------------------------------------------------------------------20

Activity (5)

You've already reviewed this. Edit your review.
1 thousand reads
1 thousand reads
1 hundred reads
rambo liked this
rambo liked this

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->