Cross Site Scripting (XSS)
• XSS can cause a variety of problems for the end user, ranging from annoyance (“alerts”) to complete account compromise (“session hijacking”).
• Installation of Trojan horse programs.
• Page modification and redirection.

XSS types
• Stored XSS Attacks.
• Reflected XSS Attacks.
• DOM Based XSS.

How it works
    <form method="get" action="index.php">
        <input name="hack_me" />
        <input type="submit" value="Submit" />
    </form>

How it works
    <?php
    // Untrusted request data is echoed back without any encoding.
    $txt = $_GET['hack_me'];
    echo $txt; // echo '<script>alert("Hacked");</script>'
    ?>

Commonly used to achieve the following malicious results:
• Identity theft.
• Accessing sensitive or restricted information.
• Gaining free access to otherwise paid for content.
• Spying on user's web browsing habits.
• Altering browser functionality.
• Web application defacement.
• Denial of Service attacks.

XSS Countermeasures
• There are a huge number of XSS attack vectors, but following a few simple rules can completely defend against this serious attack.
• The simplest form of XSS protection is to pass all external data through a filter (on the server side).
• It is recommended to use libraries that have been tried and tested by the community.
• XSS techniques keep changing (your filters will need to be updated periodically).
• ESAPI (OWASP), AntiXSS (Microsoft).

XSS Countermeasures
• HTML Escape Before Inserting Untrusted Data into HTML Element Content:
  • ESAPI Encoder Example:
      String safe = ESAPI.encoder().encodeForHTML( request.getParameter( "input" ) );
  • AntiXSS Equivalent:
      string safe = Microsoft.Security.Application.AntiXss.HtmlEncode( Request.QueryString[ "input" ] );
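
The same escaping rule applied to the index.php page from the "How it works" slides, as an added example that is not part of the original slides. It uses PHP's built-in htmlspecialchars() in place of ESAPI or AntiXSS; the helper names html_escape(), read_param() and render_page() are assumptions made for this illustration.

```php
<?php
// Added example: hardened version of the index.php shown on the slides.
// html_escape(), read_param() and render_page() are hypothetical helper names.
declare(strict_types=1);

// Encode untrusted data for HTML element content or a quoted attribute value.
// ENT_QUOTES encodes both " and '; ENT_SUBSTITUTE replaces invalid UTF-8.
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// A request such as ?hack_me[]=x makes PHP deliver an array instead of a
// string; that case is mapped to an empty string rather than echoed.
function read_param(array $query, string $name): string
{
    $raw = $query[$name] ?? '';
    return is_string($raw) ? $raw : '';
}

function render_page(array $query): string
{
    $safe = html_escape(read_param($query, 'hack_me'));
    // The encoded value is used in a quoted attribute and as element content.
    return '<form method="get" action="index.php">'
         . '<input name="hack_me" value="' . $safe . '" />'
         . '<input type="submit" value="Submit" />'
         . '</form>'
         . '<p>You entered: ' . $safe . '</p>';
}

if (PHP_SAPI === 'cli') {
    // Constructed sample inputs so the script also runs offline from the CLI.
    $samples = [
        ['hack_me' => '<script>alert("Hacked");</script>'],
        ['hack_me' => 'O\'Reilly & "Sons"'],
        ['hack_me' => ['array', 'instead', 'of', 'string']],
    ];
    foreach ($samples as $query) {
        echo render_page($query), PHP_EOL;
    }
} else {
    header('Content-Type: text/html; charset=UTF-8');
    echo render_page($_GET);
}
```

This encoding covers HTML element content and quoted attribute values only; data placed inside script blocks, URLs or CSS needs the encoder for that context.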