Cross-Site Scripting (XSS) Flashcards
What’s Cross-Site Scripting (XSS)?
occurs when a web application includes untrusted, user-supplied input in a page without proper validation, sanitization, or output encoding, allowing an attacker to inject script that executes in the browsers of other users viewing the page
What do XSS attacks enable attackers to do?
execute malicious scripts in the context of the victim’s browser, leading to potential theft of sensitive information, session hijacking, or unauthorized actions on the web application
What type of applications does XSS attack target, and for what purpose?
- typically target web applications that allow user-generated content to be displayed on web pages without proper validation or sanitization
- attackers exploit this vulnerability by injecting malicious scripts that are later executed by the victims’ browsers
What are the two classic types of XSS attacks? (DOM-based XSS, listed under techniques below, is usually counted as a third)
- Stored XSS
- malicious scripts are persisted on the targeted web application's server (e.g. in a comment, profile field, or message) and served to every user who views the affected page
- Reflected XSS
- malicious scripts are embedded in a URL or other request input, echoed back by the server in its immediate response, and executed in the victim's browser; the victim is usually lured into following a crafted link
What are the XSS attack techniques?
- HTML Injection
- attackers inject HTML tags or attributes that can alter the structure or behavior of the targeted web page
- JavaScript Injection
- attackers inject JavaScript code that can perform unauthorized actions, steal sensitive information, or manipulate the victim’s browsing session
- DOM-based XSS
- the vulnerable code is client-side JavaScript that takes attacker-controlled data from a source such as location.hash, location.search, or document.referrer and writes it into a dangerous sink such as innerHTML, document.write(), or eval(); the payload may never reach the server, so server-side validation never sees it
What are the potential consequences of XSS attacks?
- theft of sensitive information, such as login credentials, session tokens, or personal data
- session hijacking, where the attacker gains unauthorized access to the victim’s session or account
- defacement or manipulation of web pages, leading to a loss of trust and reputation for the targeted web application
- malware distribution, where attackers exploit XSS vulnerabilities to deliver malware to unsuspecting users
What is the prevention and mitigation of XSS attacks?
- Input Validation and Sanitization
- validate all user-supplied input against an allow-list of expected type, length, and format; treat this as defense in depth, since legitimate input (a name like O'Brien, text containing <) may contain the same characters an attack uses
- Output Encoding
- encode user data at the point it is written into the response so the browser renders it as text rather than interpreting it as markup or script; this is the primary XSS defense
- Content Security Policy (CSP)
- restrict the sources from which scripts and other content may be loaded and block inline script (unless allowed by nonce or hash), limiting what an injected payload can do; a defense-in-depth control that does not replace output encoding
- Contextual Output Encoding
- use the encoder that matches the context the data lands in (HTML body, HTML attribute, JavaScript string, URL, CSS); an HTML encoder does not make data safe inside a <script> block and vice versa
- Regular Security Testing
- conduct comprehensive security testing, including vulnerability scanning and penetration testing, to identify and remediate any XSS vulnerabilities
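The output-encoding and contextual-encoding cards above, as an added Node.js example that is not part of the original flashcards. It renders one untrusted value into four contexts (HTML text, HTML attribute, JavaScript string literal, URL parameter) first with raw concatenation and then with a per-context encoder; the template, the encoders, and the payloads (including the assumed `redirect` parameter name) are constructed for the demo.

```javascript
// Added example (not part of the original flashcards): contextual output encoding in Node.js.
// The user-supplied values and the page template below are constructed for the demo.

// HTML text context: the five characters that can start markup or end an attribute value.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
function encodeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// HTML attribute context: same encoder, but the template must also quote the attribute;
// an unquoted attribute can be left with a space, which no entity encoding prevents.
function encodeHtmlAttr(value) {
  return encodeHtml(value);
}

// JavaScript string-literal context: hex-escape everything that is not alphanumeric,
// so quotes, backslashes, newlines and "</script>" cannot terminate the literal or the tag.
function encodeJsString(value) {
  return String(value).replace(/[^A-Za-z0-9]/g, (c) => {
    const code = c.charCodeAt(0);
    return code < 0x100
      ? '\\x' + code.toString(16).padStart(2, '0')
      : '\\u' + code.toString(16).padStart(4, '0');
  });
}

// URL query-parameter context: percent-encoding keeps the value inside one parameter.
function encodeUrlParam(value) {
  return encodeURIComponent(String(value));
}

// Vulnerable template: the same untrusted value is concatenated raw into four contexts.
function renderVulnerable(name) {
  return [
    `<p>Hello ${name}</p>`,
    `<input value="${name}">`,
    `<script>var who = '${name}';</script>`,
    `<a href="/search?q=${name}">search</a>`,
  ].join('\n');
}

// Hardened template: each insertion point uses the encoder for its own context.
// (For DOM-based XSS the same principle applies client-side: prefer textContent over innerHTML.)
function renderSafe(name) {
  return [
    `<p>Hello ${encodeHtml(name)}</p>`,
    `<input value="${encodeHtmlAttr(name)}">`,
    `<script>var who = '${encodeJsString(name)}';</script>`,
    `<a href="/search?q=${encodeUrlParam(name)}">search</a>`,
  ].join('\n');
}

// Constructed payloads, one per context the vulnerable template exposes.
const PAYLOAD_HTML = '<img src=x onerror=alert(1)>';   // HTML text context
const PAYLOAD_ATTR = '"><script>alert(1)</script>';     // breaks out of value="..."
const PAYLOAD_JS = "'; alert(1); //";                    // breaks out of the JS string literal
const PAYLOAD_URL = 'x&redirect=//evil.example';         // smuggles an extra parameter (assumed name)

// Does a payload reach the output verbatim? True means the browser would parse it as markup or code.
function payloadSurvives(render, payload) {
  return render(payload).includes(payload);
}

for (const p of [PAYLOAD_HTML, PAYLOAD_ATTR, PAYLOAD_JS, PAYLOAD_URL]) {
  console.log(`vulnerable=${payloadSurvives(renderVulnerable, p)} safe=${payloadSurvives(renderSafe, p)}  ${p}`);
}
```

The JavaScript encoder is deliberately aggressive (every non-alphanumeric byte becomes `\xHH`), which is what makes it safe regardless of which quote style the template used; the round-trip through a string literal is lossless, which is the property worth testing before trusting any encoder.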
What’s reflected input?
- the reflected-XSS case: malicious code is injected into a request and echoed back to the user as part of the response
- occurs when user-supplied data is not properly validated, sanitized, or encoded by the web application before being included in the response sent back to the user
What’s the defense against XSS?
- input validation
- validate data length and data type against what the field is expected to hold
- filters out known-malicious input such as the <script> tag, which blocks only the simplest payloads; output encoding remains the primary defense
What’s Cross-site tracing (XST)?
leverages the HTTP TRACE (or TRACK, Microsoft's equivalent) method, which makes the server echo the received request, including its Cookie header, back in the response body; combined with XSS this lets injected script read cookies that the HttpOnly flag would otherwise hide from document.cookie. Mitigation: disable TRACE on the server (Apache: TraceEnable off); modern browsers also refuse to send TRACE from XMLHttpRequest or fetch, so the technique is largely historical
Why isn't creating a filter that watches for the <script> tag sufficient protection against XSS?
attackers use XSS filter evasion techniques against this approach: other tags with event-handler attributes (<img onerror>, <svg onload>), javascript: URLs, mixed case, nested or split tags that reassemble after the filter strips the inner match, and alternative encodings; a blocklist fails open on anything it did not anticipate, whereas output encoding fails closed
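The filter-evasion card above, as an added Node.js example that is not part of the original flashcards. It implements the kind of case-insensitive `<script>` blocklist the card warns about, runs four constructed payloads through it, and compares the result with plain HTML encoding; `looksExecutable` is a demo heuristic written for this example, not a real XSS detector.

```javascript
// Added example (not part of the original flashcards): why a <script>-tag blocklist fails.
// Node.js only; the payloads are constructed for the demo and are inert strings here.

// The naive defense: strip <script>...</script> blocks and stray <script> tags, case-insensitively.
function naiveScriptFilter(input) {
  return String(input)
    .replace(/<script\b[^>]*>[\s\S]*?<\/script\s*>/gi, '')
    .replace(/<\/?script\b[^>]*>/gi, '');
}

// Demo heuristic (not a real XSS detector): does the text still contain a tag with an
// on* event-handler attribute, a javascript: URL in href/src, or a surviving <script tag?
function looksExecutable(html) {
  return /<\w+[^>]*\son\w+\s*=/i.test(html)
    || /\s(href|src)\s*=\s*["']?\s*javascript:/i.test(html)
    || /<script/i.test(html);
}

// The right defense for an HTML text context: encode instead of filtering.
function encodeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Evasion payloads the filter lets through.
const EVASION_PAYLOADS = [
  '<img src=x onerror=alert(1)>',                // no <script> tag at all
  '<svg onload=alert(1)>',                       // another event-handler tag
  '<a href="javascript:alert(1)">click</a>',     // javascript: URL
  '<scr<script>ipt>alert(1)</scr<script>ipt>',   // filter removes the inner tags and reassembles the outer one
];

// Per payload: what the filter leaves behind, and whether either defense neutralises it.
function compareDefenses(payload) {
  const filtered = naiveScriptFilter(payload);
  return {
    payload,
    filtered,
    filterBypassed: looksExecutable(filtered),
    encodingBypassed: looksExecutable(encodeHtml(payload)),
  };
}

for (const p of EVASION_PAYLOADS) console.log(compareDefenses(p));
```

The nested payload is the instructive one: the filter does exactly what it was written to do, and in doing so manufactures the `<script>` tag it was meant to remove. Encoding has no such failure mode because it never tries to recognise the attack, it just makes `<` unable to open a tag.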
What HTML tag is often used as part of a cross-site scripting (XSS) attack?
the <script> tag, which marks the beginning of an executable client-side script; in a reflected-input attack it is the classic way to make the response run attacker script, though any element with an event-handler attribute serves the same purpose