Slideshow: Five common Web application vulnerabilities and mitigations

3/6

XSS vulnerabilities? Time for a visit to the security control library

Along with injection vulnerabilities, cross-site scripting (XSS) vulnerabilities are among the most likely and serious issues that crop up in Web applications. To take advantage of an XSS flaw, attackers inject code, usually a client-side script such as JavaScript, into a Web application's output. Once the compromised output is viewed, the code is executed by the browser, which allows the user session to be hijacked and the user redirected to a malicious page.

Much like injection vulnerabilities, XSS attacks rely on user-supplied data not being properly validated. Web applications should be coded not to trust externally supplied data, and all such data should be validated before ever reaching the application server. Rather than writing their own validation checks, developers can use existing security control libraries, including OWASP's Enterprise Security API and Microsoft's Anti-Cross Site Scripting Library.
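The following is an added example, not code from the article or from either library it names. It contrasts output built by plain concatenation with output passed through a library encoder, using Python's standard `html.escape` as a stand-in for the encoders such libraries provide; the field name, allowlist pattern and sample inputs are assumptions constructed for illustration.

```python
import html
import re
from html.parser import HTMLParser

# Constructed sample inputs for a "display name" field (not from the article).
SAMPLES = ["Alice Smith", "<script>alert(1)</script>", '" onmouseover="alert(1)']

NAME_ALLOWLIST = re.compile(r"[A-Za-z0-9 _.\-]{1,32}")  # assumed policy for this field

def is_valid_name(name: str) -> bool:
    """Input validation: accept only values matching the allowlist."""
    return NAME_ALLOWLIST.fullmatch(name) is not None

def render_unsafe(name: str) -> str:
    """Weak form: user data is concatenated into the markup unchanged."""
    return f'<p title="{name}">Hello, {name}</p>'

def render_encoded(name: str) -> str:
    """Hardened form: a library encoder neutralises markup characters."""
    safe = html.escape(name, quote=True)  # encodes & < > " '
    return f'<p title="{safe}">Hello, {safe}</p>'

class ActiveContentFinder(HTMLParser):
    """Tokenises markup and records script elements and on* handler attributes."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.found.append("script")
        self.found += [n for n, _ in attrs if n.startswith("on")]

def active_content(markup: str) -> list:
    """Return the script elements and event-handler attributes present in markup."""
    finder = ActiveContentFinder()
    finder.feed(markup)
    finder.close()
    return finder.found

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "valid:", is_valid_name(s),
              "| unsafe:", active_content(render_unsafe(s)),
              "| encoded:", active_content(render_encoded(s)))
```

Running it shows the allowlist rejecting both constructed payloads, and the encoded rendering containing no script element or event handler even when the same payloads are passed to it directly.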
