XSS Attacks Detection And Protection

Nowadays, almost every site uses a scripting language such as JavaScript, and browsers run trusted web pages on the client side. When hackers inject a script into one of these trusted websites, the browser runs it by default. How can that affect the user, and how can website owners protect their websites from these attacks?

Introduction: Attacking the browser using scripts (Cross-Site Scripting, otherwise known as XSS) is a code injection attack that allows malicious code to be injected into a website. The attack occurs when an attacker uses a web application to send malicious code, in the form of a browser-side (user-side) script, to an unsuspecting user. The end user's browser does not know that the script cannot be trusted; by default it executes the script, assuming it came from a trusted source. The malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site, and it can also rewrite the HTML content of the page.

Types of XSS attacks:

1- Persistent XSS: saved in the DB.
2- DOM-based XSS: client-side code bugs.
3- Reflected XSS: the code originates from the victim's request (the attacker crafts links with malicious code built into the request's GET parameters).

We will cover some of the work relevant to DOM XSS attacks. First we will give a simple XSS attack. Then we will look at some of the methods used to stop such attacks and discuss why those methods fail.

">

This is the simplest form of an XSS vulnerability. Such a website can be attacked simply by inserting code into the form through this input. The vulnerability can be easily detected by viewing the source code of the page. Any code such as:

hello"> //Any js code here

can be entered, with any JS code the attacker can think of. Such code could be passive, e.g. "mining bitcoins off of your computer", or active, e.g. destroying the whole website or redirecting you to a new website.

One method used to stop this is the htmlspecialchars() function in PHP on the server side, which makes sure that input from the user will not contain any HTML tags by replacing the characters "<" and ">" with "&lt;" and "&gt;". Another method is the htmlentities() function, which replaces every applicable character with its corresponding HTML entity. One more method is strip_tags(), the most commonly used one; this function removes all HTML elements from the string except the ones permitted by the developer, ie: or for forums.

Those methods fail because, in the same example above, an attacker would be able to write the following code:

Hello" style="width: expression(alert("hello"));"

Using the style attribute to initiate JS code renders the methods above useless, because of today's browsers and their ability to execute those scripts. Note that the alert is JS code and can be replaced by other code to redirect you or destroy the current page, e.g. making an alert on mouse hover and making the width and height of the input equal to the width and height of the page, which renders the web page useless for any other user.
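As an added example (not part of the original essay), the PHP sketch below runs the essay's attribute-injection string through three filters and reports whether a raw double quote survives into value="...". The helper name breaks_out_of_attribute and the sample input are assumptions; ENT_NOQUOTES stands in for the "only < and >" behaviour described above.

```php
<?php
// Added example. Constructed input: the attribute-injection string from the essay,
// with single quotes inside alert() so the value is well-formed.
$input = 'Hello" style="width: expression(alert(\'hello\'));';

// Each filter is applied to the same input before it is placed inside value="...".
$filters = [
    // Only &, < and > are replaced: the behaviour the essay describes.
    'htmlspecialchars ENT_NOQUOTES' =>
        fn(string $s) => htmlspecialchars($s, ENT_NOQUOTES, 'UTF-8'),
    // Removes tags only; the input contains none, so it passes through unchanged.
    'strip_tags' =>
        fn(string $s) => strip_tags($s),
    // Also encodes " and ', so the value can no longer close the attribute.
    'htmlspecialchars ENT_QUOTES' =>
        fn(string $s) => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
];

// True when a raw double quote survives, i.e. the value can end value="..." early
// and add attributes of its own (style, onmouseover, ...).
function breaks_out_of_attribute(string $filtered): bool
{
    return strpos($filtered, '"') !== false;
}

foreach ($filters as $name => $filter) {
    $filtered = $filter($input);
    printf("%-30s breaks out: %-3s  <input value=\"%s\">\n",
        $name, breaks_out_of_attribute($filtered) ? 'yes' : 'no', $filtered);
}
```

Whether htmlspecialchars() encodes quotes depends on its flags: the default was ENT_COMPAT (double quotes only) and has been ENT_QUOTES since PHP 8.1, so code that passes ENT_NOQUOTES or a hand-written "<"/">" replacement is the case to look for in review.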

Other research conducted on XSS showed that it is the most popular vulnerability among websites today; readthedocs indicated that 65% of websites today have an XSS vulnerability one way or another. Another thing XSS can be used for is cookie theft, using JS code and some Ajax to save those cookies on another server if needed. Commonly used libraries such as WYSIWYG rich text editors are essential to many websites nowadays. Those editors can lead to serious XSS loopholes because they use HTML tags to edit the look of the text. Such editors are mostly used to show other people the text edited by one user in a more presentable manner. One problem is that the content cannot be tag-stripped, because the tags are needed to represent the text as it was written in the rich text editor.
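One way to handle rich text editor output, where the tags cannot simply be stripped, is an allow-list sanitizer built on a real HTML parser. The PHP sketch below is an added example, not code from the essay; ALLOWED and sanitize_rich_text are hypothetical names and the allowed tag set is an assumption.

```php
<?php
// Added example: allow-list sanitizer for rich-text HTML. Names are hypothetical.
const ALLOWED = ['p' => [], 'br' => [], 'b' => [], 'i' => [], 'u' => [],
                 'ul' => [], 'ol' => [], 'li' => [], 'a' => ['href']];

function sanitize_rich_text(string $html): string
{
    libxml_use_internal_errors(true);   // collect parser warnings instead of printing them
    $doc = new DOMDocument();
    // Parse the fragment inside a known <body> with an explicit UTF-8 declaration.
    $doc->loadHTML('<html><head><meta http-equiv="Content-Type" '
        . 'content="text/html; charset=utf-8"></head><body>' . $html . '</body></html>');
    libxml_clear_errors();
    $body = $doc->getElementsByTagName('body')->item(0);

    // Snapshot the elements first: removing nodes from a live list skips entries.
    $elements = iterator_to_array((new DOMXPath($doc))->query('.//*', $body));
    foreach ($elements as $el) {
        $tag = strtolower($el->nodeName);
        if (!isset(ALLOWED[$tag])) {
            // Unknown element (script, iframe, input, ...): drop it with its content.
            if ($el->parentNode !== null) { $el->parentNode->removeChild($el); }
            continue;
        }
        foreach (iterator_to_array($el->attributes) as $attr) {
            $name = strtolower($attr->nodeName);
            $keep = in_array($name, ALLOWED[$tag], true);
            // Links must be absolute http(s) URLs, which rules out javascript: and data:.
            if ($keep && $name === 'href' && !preg_match('#^https?://#i', trim($attr->value))) {
                $keep = false;
            }
            // style and on* handlers are never in the allow-list, so they are removed here.
            if (!$keep) { $el->removeAttribute($attr->nodeName); }
        }
    }
    $out = '';
    foreach ($body->childNodes as $child) { $out .= $doc->saveHTML($child); }
    return $out;
}

// Constructed sample of editor output mixing formatting with injected markup.
$sample = '<p style="width: expression(alert(1))">Hi <b onmouseover="alert(1)">there</b></p>'
        . '<script>alert(1)</script><a href="javascript:alert(1)">x</a>'
        . '<a href="https://example.com/">ok</a>';
echo sanitize_rich_text($sample), "\n";
```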

Cite this Essay
XSS Attacks Detection And Protection. (2020, July 22). WritingBros. Retrieved November 23, 2024, from https://writingbros.com/essay-examples/xss-attacks-detection-and-protection/