Employing Countermeasures

XSS vulnerabilities stand out from other Web attacks by their effects on both the Web application and browser. In the most common scenarios, a Web site must be compromised to serve as the distribution point for the payload. The Web browser then falls victim to the offending code. This implies that countermeasures can be implemented for servers and browsers alike.
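
The server-side half of that picture, as an added illustration that is not code from the book: a vulnerable template that interpolates untrusted input directly, beside the hardened version that encodes for the HTML context it lands in. The probe string and the helper names are constructed for this example.

```python
import html
from urllib.parse import quote

# Constructed attacker-controlled input: a classic reflected-XSS probe.
UNTRUSTED = '"><script>alert(1)</script>'


def render_unsafe(name: str) -> str:
    """Vulnerable 'before': untrusted input is pasted straight into HTML,
    so the browser parses the injected <script> element as markup."""
    return f"<p>Hello, {name}</p>"


def render_safe(name: str) -> str:
    """Hardened: encode for the HTML text context before interpolation.
    quote=True also encodes " and ' so the same helper is safe inside
    a quoted attribute value."""
    return f"<p>Hello, {html.escape(name, quote=True)}</p>"


def link_safe(label: str, user_id: str) -> str:
    """Two output contexts in one template need two encoders:
    the URL path segment is percent-encoded (safe='' keeps '/' and '?'
    from escaping the segment), the link text is HTML-encoded."""
    path = quote(user_id, safe="")
    return f'<a href="/profile/{path}">{html.escape(label, quote=True)}</a>'


def reflects_markup(rendered: str) -> bool:
    """Simple check a test suite can run over rendered pages: does a raw
    script tag survive encoding? True means the output is exploitable."""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    print(render_unsafe(UNTRUSTED))  # raw <script> reaches the browser
    print(render_safe(UNTRUSTED))    # only &lt;script&gt; text reaches it
    print(link_safe(UNTRUSTED, "alice/../admin"))
```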

Only a handful of browsers pass the 1% market share threshold. Users are at the mercy of those vendors (Apple, Google, Microsoft, Mozilla, Opera) to provide in-browser defenses. Many current popular browsers (Safari 4, Chrome Beta, IE 8, Firefox 3.5) contain some measure of anti-XSS capability. Firefox's NoScript plug-in (http://noscript.net/) is of particular ...
