Tag: Cross-Site Scripting

Website security for web designers and developers

Website Security – Are You Doing Enough For Your Clients?

Cybersecurity continues to be an evolving challenge for website designers and developers. Everyday, hackers create new malware strains and perform sophisticated attacks that can devastate client websites.

SiteLock is promoting Cybersecurity Awareness Month and as a web designer or developer, it is imperative that you understand your role in the security of your clients’ websites. Many people assume that you are handling every aspect of the site, including its protection. Because of this, you must take action and understand how to provide that security.

Read More

Cybersecurity

What is Cross-Site Request Forgery (CSRF)?

More often than not, when people think of a hacker, they think of someone technologically infiltrating a network and stealing mass amounts of sensitive information sitting behind it. In actuality, hackers tend to employ methods that take advantage of individual users, often in tandem with some form of social engineering.

Read More

SiteLock | This Week in Exploits

This Week in Exploits: What Are XSS Vulnerabilities? Part 2

In last week’s “episode” of ‘This Week in Exploits’, we talked about Cross-Site Scripting (XSS) and specifically reflective XSS vulnerabilities, the most common type of XSS flaw. We now know roughly what a XSS attack is, and some of what a reflected XSS attack does, but why do XSS attacks exist? How can they be used?

 

Read More

SiteLock | This Week in Exploits

This Week in Exploits: What Are XSS Vulnerabilities? Part 1

In the world of websites, hackers have a variety of tools to intrude on people’s domains. These hacks, which take advantage of vulnerabilities in a site’s code, are categorized by projects like the OWASP Top Ten. According to the OWASP assessment, the top three most common attacks are: Injection, Weak Authentication and Session Management, and Cross-Site Scripting, known as XSS. As new vulnerabilities are discovered, we still can see that a large portion of these vulnerabilities are XSS-related vectors.

Read More

Attention All Bloggers: Beware of Cross-Site Scripting!

With each technological advance, a challenge is created for the unscrupulous hacker. The popularity of blogging software, with all its vulnerabilities, has spawned thousands of malicious cross-site scripting attacks. Hackers have not neglected immense commercial sites. Facebook, PayPal, Hotmail, GMail and Twitter have all had issues with cross-site scripting. Often referred to as XSS, cross-site scripting is a major threat to blogs. Owners of blogs should be aware of the dangers, and what actions must be taken to prevent a cross-site scripting attack on their site.

Blog Vulnerabilities and XSS

Most cross-site scripting vulnerabilities take place on server-side code, while DOM (document object model) is a method used by hackers to exploit vulnerabilities on client-side code. Running antivirus or spyware blockers provide some protection, but not nearly enough to prevent attacks from outside.

Read More

Powered by WordPress & Theme by Anders Norén