All About Cross Site Scripting (XSS)

Websites today are more complex than ever, containing a lot of dynamic content that makes the experience more enjoyable for the user. Dynamic content is achieved through web applications, which can deliver different output to a user depending on their settings and needs. Dynamic websites suffer from a threat that simple static websites don’t: “Cross Site Scripting”, or “XSS”.

It is an attack technique that forces a web site to echo attacker-supplied executable code, which loads in a user’s browser. The code itself is usually written in HTML/JavaScript, but may also extend to VBScript, ActiveX, Java, Flash, or any other browser-supported technology.

When an attacker gets a user’s browser to execute their code, the code runs within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have their account hijacked (cookie theft), their browser redirected to another location, or be shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site.
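The echo behaviour described above, shown beside its output-encoded form, as an added example that is not part of the original article. The function names and the sample inputs are hypothetical and constructed for illustration.

```javascript
// Added example: all names here are hypothetical, inputs are constructed.

// Characters that carry meaning in HTML text and quoted-attribute contexts.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode a value so the browser treats it as text, not markup.
// Valid for HTML element content and quoted attribute values only;
// URL, CSS and inline-script contexts each need their own encoder.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: the user-supplied value is echoed into the page as-is,
// so any markup it contains becomes part of the site's own HTML.
function renderGreetingUnsafe(name) {
  return `<p>Hello, ${name}!</p>`;
}

// Hardened: the same template, with the value encoded at output time.
function renderGreetingSafe(name) {
  return `<p>Hello, ${escapeHtml(name)}!</p>`;
}

// Constructed inputs: an ordinary name with special characters, and a
// value that carries markup.
const SAMPLE_INPUTS = [
  'Tom & "Jerry"',
  "<script>document.title='x'</script>",
];

// Render every sample both ways so the difference can be inspected.
function compareRenderings(inputs = SAMPLE_INPUTS) {
  return inputs.map((input) => ({
    input,
    unsafe: renderGreetingUnsafe(input),
    safe: renderGreetingSafe(input),
  }));
}

for (const row of compareRenderings()) {
  console.log(row.unsafe, '\n', row.safe, '\n');
}
```
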
