Exploring What XSS Vulnerabilities Are - PowerPoint PPT Presentation

About This Presentation
Title:

Exploring What XSS Vulnerabilities Are

Description:

XSS vulnerabilities are one of the most prevalent forms of modern cyber-attacks. So, what exactly are these, and how can a website vulnerability scanner be beneficial? Know more here...


Transcript and Presenter's Notes

2
Introduction
  • For any business, its website is its digital
    identity, and protection against top
    vulnerabilities like XSS is essential
  • XSS attacks cause a wide range of damage
  • Hackers steal crucial sensitive data present
    on the website to perform identity theft

3
What are XSS Attacks?
  • Cross-site scripting (XSS) attacks are security
    exploits that attackers carry out against
    client-side webpage code
  • This attack has been in existence for more than 3
    decades now
  • All major websites have been subject to this
    attack at least once
  • Attackers use XSS vulnerabilities for stealing
    user data or controlling the user session
  • Also used as a component of a major phishing scam

4
Types of XSS Attacks
  • Reflected XSS: Also known as a non-persistent XSS
    attack. Here malicious scripts are diverted to
    another website on the user's browser
  • Stored XSS: Also known as persistent XSS, where
    malicious code is directly inserted into the web
    application
  • DOM XSS: Here the malicious script is present in
    the Document Object Model rather than the HTML

5
How XSS Attack Works
  • XSS attacks are different from other application
    layer attacks
  • The user's application is attacked, not the
    server
  • It works by placing malicious code, in the form
    of a client-side script, in the web application's
    output
  • The common motive behind an XSS attack is to
    gather insights from cookie data
  • Client-side scripts don't have a direct impact on
    the server-side information

6
Preventing XSS Attacks
  • Using a Website Vulnerability Scanner
  • The website owners can use a website
    vulnerability scanner when they develop their web
    applications.
  • A website scanner tool gives a full audit of
    security weaknesses along with flaws present in
    the site
  • A web security scanner also ensures the user's
    website is secured against top website
    vulnerabilities

7
Preventing XSS Attacks
  • Using an SDL
  • SDL stands for Security Development Lifecycle
  • Adding an SDL to the web application limits the
    number of coding errors and security breaches
  • It ensures that websites become less vulnerable
    to any XSS attack
  • SDL assumes that all data received by the web
    application comes from an untrusted source
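
The "all data is untrusted" rule above, shown as an added example that is not part of the original presentation: a page fragment built without and with output encoding. It goes one step further than the slide by also checking link schemes, because encoding alone does not neutralise a javascript: URL. All function names and sample inputs are constructed for illustration.

```javascript
// Added example: output encoding for untrusted data (hypothetical names).
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;',
};

// Encode the characters that let text break out of an HTML text node
// or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: the search term (reflected) and the comments (stored)
// are concatenated into the markup unchanged.
function renderUnsafe(searchTerm, comments) {
  const items = comments.map((c) => `<li>${c}</li>`).join('');
  return `<p>Results for ${searchTerm}</p><ul>${items}</ul>`;
}

// Hardened: every untrusted value is encoded at the point of output.
function renderSafe(searchTerm, comments) {
  const items = comments.map((c) => `<li>${escapeHtml(c)}</li>`).join('');
  return `<p>Results for ${escapeHtml(searchTerm)}</p><ul>${items}</ul>`;
}

// Links need a scheme allow-list as well as encoding: only absolute
// http(s) URLs are kept, anything else is replaced by "#".
function safeLink(url, text) {
  let href = '#';
  try {
    const parsed = new URL(url);
    if (parsed.protocol === 'http:' || parsed.protocol === 'https:') {
      href = parsed.href;
    }
  } catch (err) {
    // Relative or unparseable input: keep the inert default.
  }
  return `<a href="${escapeHtml(href)}">${escapeHtml(text)}</a>`;
}

// Constructed sample input standing in for a query string and stored comments.
const SAMPLE_SEARCH = '<script>document.title="xss"</script>';
const SAMPLE_COMMENTS = ['nice post', '<img src=x onerror="document.title=1">'];

console.log(renderUnsafe(SAMPLE_SEARCH, SAMPLE_COMMENTS));
console.log(renderSafe(SAMPLE_SEARCH, SAMPLE_COMMENTS));
console.log(safeLink('javascript:alert(1)', 'profile'));
```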

8
Preventing XSS Attacks
  • Having a Crossing Boundaries Policy
  • A crossing boundaries policy asks authenticated
    users to enter their login information again
    before they are given access to certain pages
    and services on the website
  • A crossing boundaries policy can be expanded
    further so that the session gets terminated if
    two IP addresses have similar session data

9
How VTMScan Helps
  • ESDS VTMScan is a 1-click vulnerability, threat
    and malware scanner for the user websites and web
    applications
  • It checks for vulnerabilities such as OWASP Top-10
    Vulnerabilities, Cross-Site Scripting (XSS),
    LFI-RFI Detection, etc.
  • Provides a comprehensive report to the user
    regarding the vulnerabilities present on their
    website and web applications

10
Know more at https://esds.co.in/security/vtmscan
11
Concluding Remarks
An XSS attack is one of the most dangerous
attacks that can take place on a
website. It leads to drastic damage for any
website owner.
VISIT ESDS at
relationship@esds.co.in