Suggested answers to discussion questions



Date: 30.09.2021
rais12 SM CH08
c. Cross-site scripting
Cross-site scripting (also known as XSS) occurs whenever a web application sends user input back to the browser without scrubbing it. The problem is that if the input is a script, the browser will execute it. The attack requires tricking a user into clicking on a hyperlink to a trusted website that is vulnerable to cross-site scripting. The hyperlink takes the victim to that website, but it also contains a script. When the user’s browser visits the trusted website, the website sends the input (the script embedded in the hyperlink) back to the browser. The browser then executes that script and sends information, often cookies that may contain authentication credentials, back to the attacker.

The best protection is for websites never to replay user input verbatim back to the browser, but always to convert it to harmless HTML code first.
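The reflection described above and the encoding fix, shown side by side as an added example that is not part of the original answer key. The search page, the function names, the `q` parameter and the host `trusted.example` are assumptions made for illustration.

```javascript
// Added example: a hypothetical search page that echoes the "q" query parameter.

// Convert the HTML-significant characters to entities in a single pass, so the
// browser treats the value as text and "&" is never escaped twice.
function escapeHtml(value) {
  const entities = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => entities[ch]);
}

// Extract the user-controlled parameter from the request URL.
// The base host is a placeholder; only the query string matters here.
function getQuery(requestUrl) {
  return new URL(requestUrl, 'https://trusted.example').searchParams.get('q') || '';
}

// Vulnerable: the input is replayed verbatim, so markup in the link
// becomes markup in the page the trusted site returns.
function renderVulnerable(requestUrl) {
  return `<p>Results for: ${getQuery(requestUrl)}</p>`;
}

// Hardened: the same input is converted to harmless HTML before it is echoed.
function renderSafe(requestUrl) {
  return `<p>Results for: ${escapeHtml(getQuery(requestUrl))}</p>`;
}

// Constructed sample links: one carrying a script element, one ordinary search.
const craftedLink = '/search?q=' + encodeURIComponent('<script>alert(1)</script>');
const ordinaryLink = '/search?q=' + encodeURIComponent('R&D "budget"');

console.log(renderVulnerable(craftedLink)); // script element reaches the browser intact
console.log(renderSafe(craftedLink));       // same input arrives as inert text
console.log(renderSafe(ordinaryLink));      // legitimate input still displays correctly
```

The hardened output displays the same characters to the user; only the browser's interpretation changes, because `<` and `>` arrive as entities rather than as tag delimiters.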


8.9 Physical security is extremely important. Read the article “19 Ways to Build Physical Security into a Data Center,” which appeared in the CSO Magazine November 2005. (You can find the article at

