PRO+ Premium Content/Information Security

Thank you for joining!
Access your Pro+ Content below.
September 2012

A new framework for preventing XSS attacks

As many organizations still struggle to manage security components such as antivirus, firewalls and spam filters, the threat landscape has evolved into a much more sophisticated and dangerous environment that can undermine the effectiveness of traditional protection measures. Studies compiled by Ceznic, Symantec, Gartner and other companies indicate that the majority of attacks on IT enterprise today occur at the application layer and are remotely exploitable. Cross-site scripting (XSS) tops these results making it, according to OWASP, the most “prevalent and pernicious” Web application security vulnerability. This attack has been used with success on PayPal, eBay, Twitter and many other real-world large Web applications. Read on to understand how attackers exploit XSS vulnerabilities and ways for preventing XSS attacks. CROSS-SITE SCRIPTING BASICS Cross-site scripting (XSS) vulnerabilities date back to 1996,not long after the inception of the Web, when websites were constructed using HTML Frames and JavaScript. At that time, ...

Access this PRO+ Content for Free!

Features in this issue

Columns in this issue