Protect yourself from cross site scripting
By Microsoft Subnet on Wed, 09/05/07 - 3:28pm.WindowsSecurity.com published a guide today that promises to teach you everything you need to know about understanding and preventing the cross site scripting (XSS) attack.
XSS is an extremely common application-layer web attack. It embeds a malicious script on a Web page and when a Web browser comes along, it executes the script. This is a common method used by Bothearders to acquire zombies.
Says the guide:
"Many site owners dismiss XSS on the grounds that it cannot be used to steal sensitive data from a back-end database. This is a common mistake because the consequences of XSS against a web application and its customers have been proven to be very serious, both in terms of application functionality and business operation. An online business project cannot afford to lose the trust of its present and future customers simply because nobody has ever stepped forward to prove that their site is really vulnerable to XSS exploits."
- About The Microsoft Update
Julie Bort is the editor of Microsoft Subnet and Network World's Online Community Editor. She also writes the Open Source Subnet blog and is the editor responsible for the Cisco Subnet and Open Source Subnet web sites. If you have an idea for a blog, or a news tip on Microsoft, Cisco or Open Source technologies, contact her at jbort@nww.com, 970-482-6454 or follow Julie on Twitter @Julie188.The Microsoft Subnet blog is the official blog of the Network World's Microsoft Subnet community. Microsoft Subnet is the independent voice of Microsoft customers and is your gateway to daily Microsoft news, blogs, opinion, books, prize giveaways and more. Visit the Microsoft Subnet index page daily, and while you are there, subscribe to the Microsoft newsletter.
Policy on comments: Respectful discussion is welcomed! However comments that use inappropriate language, consist of name calling or personal attacks, or include accusations of wrongdoing are not appropriate. Those comments will be deleted or edited
Most Discussed Posts
- Blog Roll
-
- Microsoft Subnet Home Page
- http://www.networkworld.com/subnets/microsoft/
- All Microsoft Subnet bloggers
- http://www.networkworld.com/community/blogs/microsoft/feed
- ActiveWin
- http://www.activewin.com
- Blake Handler The Road to Know Where
- http://bhandler.spaces.live.com/
- Dmitry's PowerBlog
- http://dmitrysotnikov.wordpress.com/
- Doug Brown,DABCC
- http://www.dabcc.com
- Ed Bott's Windows Expertise
- http://www.edbott.com/weblog/
- Joseph Tartakoff Microsoft Blog
- http://blog.seattlepi.nwsource.com/microsoft/
- Long Zheng istartedsomething
- http://www.istartedsomething.com/
- Mini-Microsoft
- http://minimsft.blogspot.com/
- Paul Thurrott's Supersite for Windows
- http://www.winsupersite.com
- Robert McLaws WindowsNow
- http://www.windows-now.com
- Scobleizer
- http://scobleizer.com/
- Techmeme
- http://www.techmeme.com/
- Todd Bishop's Microsoft Blog
- http://www.techflash.com/Microsoft
-
Network World, Inc
The Connected Enterprise