XSS Attacks – exploit a vulnerability in a website that the victim visits, in order to get the website to deliver malicious JavaScript to the victim's browser.
This JavaScript can –
1. Read cookies.
2. Modify the DOM.
3. Make XMLHttpRequest calls.
Doing these three things actually leads to problems like –
1. Cookie Theft – dangerous if the attacker reads your session cookie and tries to get information out of it.
2. Key Logging – add a key listener and read what the user is typing.
3. Phishing – insert login forms into the HTML.
So it is very necessary to find vulnerabilities in the server-side and client-side code so that an XSS attack cannot be made. This can be done by securing input handling,
which can be done in two ways –
1. Encoding – escapes the user input so that the browser interprets it only as data, not as code.
2. Validation – filters the user input so that the browser interprets it as code without malicious commands.
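The two input-handling approaches above, as an added example that is not part of the original page. The function names, the comment-rendering scenario and the choice of link URLs as the validation case are assumptions made for illustration; the sample inputs are constructed.

```javascript
// Encoding: replace HTML-significant characters with entities so the browser
// renders the input as text instead of parsing it as markup.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
function encodeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Validation: accept a user-supplied link only if it parses as an absolute
// http(s) URL. Encoding alone does not help here, because a "javascript:" URL
// contains no characters that HTML encoding would change.
const ALLOWED_SCHEMES = new Set(['http:', 'https:']);
function validateLinkUrl(input) {
  let url;
  try {
    url = new URL(String(input).trim());
  } catch {
    return null; // not an absolute URL: reject
  }
  return ALLOWED_SCHEMES.has(url.protocol) ? url.href : null;
}

// Apply both defenses at the point where the HTML is built (hypothetical helper).
function renderComment(author, text, link) {
  const safeLink = validateLinkUrl(link);
  const linkHtml = safeLink ? ` <a href="${encodeHtml(safeLink)}">link</a>` : '';
  return `<p><b>${encodeHtml(author)}</b>: ${encodeHtml(text)}${linkHtml}</p>`;
}

// Constructed sample inputs: the first comment's markup is shown as text and
// its link is dropped; the second comment's link is kept and encoded.
console.log(renderComment('bob', '<script>alert(1)</script>', 'javascript:alert(1)'));
console.log(renderComment('amy', 'Tom & "Jerry"', 'https://example.com/a?b=1&c=2'));
```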