Cross site scripting (XSS) flaws are a relatively common issue in web application security, but they are still extremely lethal. They are unique in that, rather than attacking a server directly, they use a vulnerable server as a vector to attack a client. This can lead to extreme difficulty in tracing attackers, especially when requests are not fully logged (such as POST requests). Many documents discuss the actual insertion of HTML into a vulnerable script, but stop short of explaining the full ramifications of what can be done with a successful XSS attack. While this is adequate for prevention, the exact impact of cross site scripting attacks has not been fully appreciated. This paper explores those possibilities.
Did you find this white paper useful?
26 out of 50 users found this white paper useful
Related white papers
Introduction to Oracle Identity Management
Oracle Identity Management is an open, extensible, and standards-based infrastructure that can accommodate a wide variety of deployments, partner solutions and customer environments. For example, partner products may leverage Oracle...
Balancing Security Against Productivity
What makes for great security? Is it about keeping the bad guys out or letting the good guys in? About defending attacks or preventing them? When IDG Research Services queried...
Secure Desktop On-Demand Webcast
The desktop or endpoint is one of the most vulnerable parts of your environment. Threats are everywhere. You have users who love to experiment with device settings (only to wonder...
Novell Zenworks Endpoint Security Management: Total Control from a Single Console
Still super gluing your USB ports shut? Unauthorized access to networks, lost or stolen laptops and other mobile hardware, and theft of proprietary information or intellectual property accounted for more...
Ensuring Data Protection for Growing Business
Small and midsize businesses have become increasingly reliant on IT. In this paper, we look at how SMBs often progress through the IT adoption cycle, and some of the operational...
Managing the Windows Vista Migration
As organizations move to Windows Vista, they'll need a migration strategy that keeps conflicts and system disruptions in check, minimizes user downtime and inconvenience, and doesn't expose systems to security...
Solid Windows Vista Protection
The new security features included in Vista are a step forward in helping businesses defend against attacks, but they cannot be considered a complete, multi-layered defense. It goes without saying...
