OWASP Top 10 – XSS

  • Sending untrusted data to system
  • sending text based attack scripts to exploit interpreter in browser

Impact

  • session hijacking
  • defacement
  • insert hostile content
  • redirect user

Solutions

  • escape all untrusted data
  • whitelisting
  • input validation
  • server-side validation
  • For rich content – auto sanitation library ex. OWASP Anti-SAMY

What's on your mind?

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.