Cross-site scripting (XSS) flaws are a relatively common issue in web application security, but they are still extremely lethal. They are unique in that, rather than attacking a server directly, they use a vulnerable server as a vector to attack a client. This can lead to extreme difficulty in tracing attackers, especially when requests, such as POST requests, are not fully logged. Many documents discuss the actual insertion of HTML into a vulnerable script, but stop short of explaining the full ramifications of what can be done with a successful XSS attack. While this is adequate for prevention, the exact impact of cross-site scripting attacks has not been fully appreciated. This paper explores those possibilities.


