Access "A new framework for preventing XSS attacks "
This article is part of the September 2012 issue of Setting up for BYOD success with enterprise mobile management and mobile application security
As many organizations still struggle to manage security components such as antivirus, firewalls and spam filters, the threat landscape has evolved into a much more sophisticated and dangerous environment that can undermine the effectiveness of traditional protection measures. Studies compiled by Ceznic, Symantec, Gartner and other companies indicate that the majority of attacks on IT enterprise today occur at the application layer and are remotely exploitable. Cross-site scripting (XSS) tops these results making it, according to OWASP, the most “prevalent and pernicious” Web application security vulnerability. This attack has been used with success on PayPal, eBay, Twitter and many other real-world large Web applications. Read on to understand how attackers exploit XSS vulnerabilities and ways for preventing XSS attacks. CROSS-SITE SCRIPTING BASICS Cross-site scripting (XSS) vulnerabilities date back to 1996,not long after the inception of the Web, when websites were constructed using HTML Frames and JavaScript. At that time, XSS attacks involved the use ... Access >>>
Access TechTarget
Premium Content for Free.
What's Inside
Features
-
-
A new framework for preventing XSS attacks
by Joseph Bugeja and Geraint Price
Understand how cross-site scripting attacks work and how to prevent them.
-
Security as a Service: Benefits and risks of cloud-based security
by Joseph Granneman
Know the pros and cons to cloud-based security services before making the leap.
-
A new framework for preventing XSS attacks
by Joseph Bugeja and Geraint Price
-
-
Malware analysis tools and techniques failing but researchers aim for improvement
by Robert Westervelt, News Director
Malware analysis is falling short but some security researchers are working to reverse the trend.
-
Mobile application security best practices in a BYOD world
by Russ McRee, Contributor
Mobile applications are proliferating in the enterprise, posing new risks to enterprises and requiring mitigation.
-
Malware analysis tools and techniques failing but researchers aim for improvement
by Robert Westervelt, News Director
-
Columns
-
Marcus Ranum chat: The information security metrics dilemma
by Marcus J. Ranum, Contributor
Security expert Marcus Ranum goes one-on-one with Alex Hutton about the problems with security metric efforts.
-
Reflections on changing information security trends
by Michael S. Mimoso, Editorial Director
Veteran security journalist reminisces about covering the industry and says farewell to TechTarget.
-
BYOD policy: The costs and potential ROI
by Andrew Braunberg, Contributor
Security pros need to understand the total costs and potential ROI of BYOD policies.
-
Marcus Ranum chat: The information security metrics dilemma
by Marcus J. Ranum, Contributor
More Premium Content Accessible For Free
Unlock new pathways to network security architecture
E-Zine
Network security architecture is showing its age at many organizations. With new technology, different data types, and use of multi-generations of ...
Emerging threat detection techniques and products
E-Handbook
Advanced persistent threat (APT) has been a used and abused term in the security industry, but security experts say targeted attacks are a growing ...
The rapid evolution of MDM solutions
E-Zine
Mobile device management (MDM) continues to grow at a feverish pace, both in terms of adoption and mobile security features. BYOD policies, and the ...