XSS (Cross Site Scripting) Attacks. How can I prevent XSS attacks on my website?
Many websites today are suffering persistent XSS (cross site scripting) attacks in which malicious code is attached to their web pages, which gets the sites blocked by Google and other search engines and prevents users from browsing them. Users who are not running up-to-date browsers download the malicious code to their PCs or are redirected to the sites hosting it, where their sessions are captured or sensitive data such as usernames and passwords is harvested by hackers to gain privileged access, harming users and website owners alike.

Many website owners assume this is a problem with their web host, or that their own PCs are virus-infected and the files they upload to the web server carry the infection. That is simply not the case! XSS attacks are generated at runtime through insecure code on your website or web application, which hackers use to attach their own code to your pages through insecure feedback forms, user registration and login forms, and even search fields. Below is a collection of links to online videos and resources that should help you gain a better understanding of XSS and of how to prevent XSS attacks on your website:

Video 1: A brief video primer on how SQL Injection works.

Video 2: Persistent Cross Site Scripting

Video 3: Don Ankney of Microsoft talks about the continuing challenges around eradicating Cross Site Scripting from the Earth.

Foiling Cross-Site Attacks: An interesting read on XSS and cross-site request forgery (CSRF).

XSS Tools:

Springenwerk Security Scanner: Springenwerk is an open source Cross Site Scripting (XSS) security scanner, written in Python.
HTML Purifier: HTML Purifier is a standards-compliant HTML filter library written in PHP. It has plugins for popular CMSs and PHP frameworks such as Drupal, Joomla and CodeIgniter.
N-Stalker Free Edition: N-Stalker Web Application Security Scanner provides a restricted set of free Web Security Assessment checks to enhance the overall security of your web server infrastructure.
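The root cause described above, untrusted form or search input concatenated straight into a page, is shown here next to its fix, encoding at the point of output. This is an added Python illustration, not code from the original post or from any of the tools listed; the sample input and all function names are constructed for the example.

```python
import html
import re

# Constructed sample input: what a user might type into a search box or a
# feedback form. The quote and the tag are there to show both an attribute
# break-out and a body-text injection; "xss" is just a marker.
UNTRUSTED = 'shoes" <script>alert("xss")</script>'

# Stored as submitted; encoding is applied when rendering, not when storing,
# so the same stored value can later be emitted safely into any HTML context.
COMMENTS = []

def store_comment(text: str) -> None:
    COMMENTS.append(text)

def render_vulnerable(query: str) -> str:
    """Insecure pattern: raw text dropped into HTML. The quote in the input
    terminates the value attribute and the <script> tag reaches the browser
    as markup (reflected XSS); stored comments are emitted the same way
    (persistent XSS, the case in Video 2)."""
    page = f'<input name="q" value="{query}"><p>Results for {query}</p>'
    for c in COMMENTS:
        page += f'<li>{c}</li>'
    return page

def render_hardened(query: str) -> str:
    """Output encoding where data meets HTML. html.escape(quote=True) encodes
    & < > " and ', which is sufficient for element body text and for values
    inside quoted attributes. JavaScript, URL and CSS contexts each need their
    own encoder; for rich text that must keep some tags, use an allow-list
    filter such as HTML Purifier instead of escaping everything."""
    q = html.escape(query, quote=True)
    page = f'<input name="q" value="{q}"><p>Results for {q}</p>'
    for c in COMMENTS:
        page += f'<li>{html.escape(c, quote=True)}</li>'
    return page

SCRIPT_OPEN = re.compile(r"<\s*script\b", re.IGNORECASE)

def count_live_script_tags(rendered: str) -> int:
    """Regression check for a test suite: how many <script> openings that were
    never part of the template survive in the rendered output as real markup."""
    return len(SCRIPT_OPEN.findall(rendered))

if __name__ == "__main__":
    store_comment(UNTRUSTED)
    print("vulnerable:", count_live_script_tags(render_vulnerable(UNTRUSTED)))
    print("hardened:  ", count_live_script_tags(render_hardened(UNTRUSTED)))
```

Run stand-alone it reports 3 live script tags for the vulnerable renderer (two reflected, one stored) and 0 for the hardened one, while `html.unescape` on the encoded text returns the user's original input unchanged.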
As XSS security is an evolving area and new products and techniques are being introduced to prevent its abuse, your comments and additional resources on this post are welcome, to make it a valuable resource for other users.

3 responses to “XSS (Cross Site Scripting) Attacks. How can I prevent XSS attacks on my website?”

  1. Daniel Craig says:

    Hi there, I was looking around for a while searching for web application security and I happened upon this site and your post regarding XSS (Cross Site Scripting) Attacks. How can I prevent XSS attacks on my website? | Diadem Tech Weblogs. I will definitely add this to my web application security bookmarks!

  2. Daniel Craig says:

    Hello, I was looking around for a while searching for security scanners and I happened upon this site and your post regarding XSS (Cross Site Scripting) Attacks. How can I prevent XSS attacks on my website? | Diadem Tech Weblogs. I will definitely add this to my security scanners bookmarks!

  3. programmatori web…

    […]XSS (Cross Site Scripting) Attacks. How can I prevent XSS attacks on my website? | Diadem Tech Weblogs[…]…
