Cross-Site Scripting
Cross-Site Scripting, or XSS, is another major attack type that is frequently listed in the OWASP (Open Web Application Security Project) of top ten application vulnerabilities. Similar to SQL injection, this vulnerability is also caused by non-sanitized user input, but in this case, rather than modifying the behavior of a database, it injects scripts into a web page.
Web pages are constructed using html tags. Every html page contains some content bracketed by the html tag, like this:
<html> Hello World! </html>
One such html tag is the <script>
tag, which is used to embed executable content – usually, JavaScript code. This tag is used to run client-side code execution on the browser, for example, to generate dynamic content or manipulate data and images.
The code inside the <script>
tag is not visible on the web page and, as such, it generally goes unnoticed. This feature of the <script>
tag can be manipulated...