Thursday, July 2, 2020

XSS attack Essay - 275 Words

XSS Attack (Other (Not Listed) Sample)

Content:

XSS ATTACK

XSS attacks are categorized into persistent and non-persistent attacks. In this case I exemplify the non-persistent XSS attack. An attacker may attempt to change the URL of a certain link, such as "download here". The attacker may opt to change the destination of the link from the xssattackexamples.com website to not-real-xssattackexamples.com. The attacker will thus craft the URL to

index.php? = //

In this URL the function executes the window onload. index.php first detects the window onload and later draws the tag. If the URL lacks the word window onload as shown above, it will execute the statements before the tag is echoed.

An attacker will always be wiser than any normal user and thus will craft a URL that no human can easily comprehend. He or she will carry out some encoding of the ASCII characters to hex:

Index.php?=45%99%20%2v%5b%54%74%6g%77%4b%86%90%4f%22%3c%3e%68%5d%65%52%23%67%18d%54%43%76%3452%70%66%21%6d%30%6f

This is an example in which an attacker may attack other users. The main consequence of this is that the attacker will get the mandate to visit the URL while the normal user is limited. Crafting confuses the user.

The web application can best be protected by updating the identity and access systems of the web application. Ensure that the web application is regularly updated for protection against threats. In the case of a company, it should put in place containers and network access control to prevent untrusted devices from accessing confidential company information. Establish a comprehensive security intelligence and risk management platform in the company for the web application. Have one network instead of two.

Prevention measures

The preventive measures should include:

1. Ignore use of JavaScript before input of data from an untrustworthy source to the value of JavaScript data.
2. Avoid feeding data that is not from a trustworthy site.
3. Ignore the XSS and validate it before using data that is unsupported and not trustworthy to the values of HTML style.
4. It is also advisable that before input of unsupported data to the HTML attribute, ignore the attribute.
5. Ignore HTML before feeding any information that is not trustworthy to the html elemen...
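The prevention measures above are read here as the familiar rule of encoding untrusted data for the context it is written into (an assumption about the essay's intent). This added example, which is not code from the original essay, shows a reflected query value rendered unsafely and then with per-context encoding plus an allow-list for the link target; the parameter names `name` and `next`, the helper names and the sample query string are constructed for illustration.

```javascript
// Added example. Parameter names, helpers and the sample query are constructed.

// HTML element content and quoted attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// JavaScript data value placed inside an inline <script> block.
function escapeJsData(value) {
  return JSON.stringify(String(value)).replace(/[<>&'\u2028\u2029]/g,
    (ch) => '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Link targets: only http(s) URLs whose host is on the allow-list.
function safeLink(value, allowedHosts) {
  try {
    const url = new URL(value);
    const web = url.protocol === 'https:' || url.protocol === 'http:';
    return web && allowedHosts.includes(url.hostname) ? url.href : '#';
  } catch {
    return '#'; // empty or unparsable value
  }
}

// "Before": the decoded query value is reflected into the page as-is.
function renderVulnerable(query) {
  const name = new URLSearchParams(query).get('name') ?? '';
  return `<p>Hello ${name}</p>`;
}

// "After": the same value, encoded for each context it lands in.
function renderHardened(query, allowedHosts) {
  const params = new URLSearchParams(query);
  const name = params.get('name') ?? '';
  const next = params.get('next') ?? '';
  return [
    `<p>Hello ${escapeHtml(name)}</p>`,
    `<a href="${escapeHtml(safeLink(next, allowedHosts))}" title="${escapeHtml(name)}">download here</a>`,
    `<script>var visitor = ${escapeJsData(name)};</script>`,
  ].join('\n');
}

// Constructed sample: percent-encoding hides the markup from a human reader,
// but the server decodes it before the value reaches the template.
const sampleQuery =
  'name=%3Cscript%3Ealert(1)%3C%2Fscript%3E&next=http%3A%2F%2Fnot-real-xssattackexamples.com%2F';
console.log(renderHardened(sampleQuery, ['xssattackexamples.com']));
```

Percent-encoding the value changes nothing for the server, which is why the encoding has to happen at output time rather than by inspecting the raw URL.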
