Protect yourself from cross site scripting

WindowsSecurity.com published a guide today that promises to teach you everything you need to know about understanding and preventing the cross site scripting (XSS) attack.

XSS is an extremely common application-layer web attack. It embeds a malicious script on a Web page and when a Web browser comes along, it executes the script. This is a common method used by Bothearders to acquire zombies.

Says the guide:

"Many site owners dismiss XSS on the grounds that it cannot be used to steal sensitive data from a back-end database. This is a common mistake because the consequences of XSS against a web application and its customers have been proven to be very serious, both in terms of application functionality and business operation. An online business project cannot afford to lose the trust of its present and future customers simply because nobody has ever stepped forward to prove that their site is really vulnerable to XSS exploits."

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Related:

Copyright © 2007 IDG Communications, Inc.

SD-WAN buyers guide: Key questions to ask vendors (and yourself)