Slideshow: Five common Web application vulnerabilities and mitigations


XSS vulnerabilities? Time for a visit to the security control library


Along with injection vulnerabilities, cross-site scripting (XSS) vulnerabilities are among the most common and serious issues that crop up in Web applications. To take advantage of an XSS flaw, attackers inject code, usually a client-side script such as JavaScript, into a Web application's output. When a victim's browser renders that compromised output, it executes the injected code, which allows the user's session to be hijacked and the user to be redirected to a malicious page.

Much like injection vulnerabilities, XSS attacks rely on user-supplied data not being properly validated. Web applications should be coded not to trust externally supplied data, and all such data should be validated before it ever reaches the application server. Instead of writing their own validation checks, developers can use existing security control libraries, including OWASP's Enterprise Security API and Microsoft's Anti-Cross Site Scripting Library.
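The following is an added illustration, not code from the slideshow or from either library it names: the same page fragment rendered without and with output encoding, plus an allow-list validation check whose name pattern is a hypothetical policy chosen for this example.

```javascript
// Added example (not from the original slideshow): vulnerable rendering next to
// its hardened form, plus an allow-list check as a second layer of defence.

// Encode the five characters that let untrusted text change HTML structure.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: user-supplied text is concatenated straight into the HTML output,
// so any markup it contains is interpreted by the browser as part of the page.
function renderGreetingUnsafe(name) {
  return `<p>Hello, ${name}!</p>`;
}

// Hardened: the same fragment with the untrusted value encoded on output, so the
// browser displays the characters as text instead of executing them.
function renderGreetingSafe(name) {
  return `<p>Hello, ${escapeHtml(name)}!</p>`;
}

// Input validation as an additional layer: a display name is accepted only if it
// matches an allow-list pattern (hypothetical policy: letters, digits, space,
// period, apostrophe and hyphen, 1 to 40 characters). Validation does not replace
// output encoding; the two are used together.
function isValidDisplayName(name) {
  return /^[\p{L}\p{N} .'-]{1,40}$/u.test(String(name));
}

// Constructed sample input: a value containing markup rather than a name.
const untrusted = '<script>alert(1)</script>';

console.log(renderGreetingUnsafe(untrusted)); // markup reaches the browser intact
console.log(renderGreetingSafe(untrusted));   // markup is rendered as inert text
console.log(isValidDisplayName(untrusted));   // false: rejected before rendering
```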
