Cross Site Scripting Attacks Computer Science Essay

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Cross-site scripting, also known as XSS, occurs when a web application gathers harmful data from a user. The harmful data is usually delivered as a web link with the harmful content stored within it. The script activates on the user's system when the user clicks on such a link, whether on a web page or in an instant message from another user, or simply when the user reads a displayed e-mail message. Usually the attacker sends the harmful data encoded in hexadecimal so that the request looks less suspicious to the user who clicks on it. After the web application has collected the data, it creates a new output page for the user that contains the harmful data originally sent to it, but presented in a way that makes it appear to be valid content from the web site. Many popular companies' guestbook and forum programs allow users to submit their comments with HTML and JavaScript code. If, for example, I was logged into my mailbox as "john" and read a message by "Joe" that contained harmful JavaScript, then it may be possible for "Joe" to hijack my system just by my reading his message when it is displayed in front of me.

Cross-site scripting allows an attacker to add harmful JavaScript, VBScript, ActiveX, HTML, or Flash to a dynamic page that is open to attack in order to fool the user, executing the script on the user's system to gather data. The use of XSS might compromise private information, manipulate or steal cookies, create requests that can be mistaken for those of a valid user, or execute harmful code on end-user systems. The data is usually formatted as a hyperlink containing the harmful content, which is spread by any possible means on the internet.

The following rules are intended to protect against all XSS in the application. These rules do not allow absolute freedom in putting untrusted data into an HTML document. Here are some rules for organizing the data and protecting it from XSS. Most organizations may find that allowing only Rule # 1 and Rule # 2 is sufficient for their needs.

Rule # 1 Never Insert Untrusted Data Except in Allowed Locations.

This rule says not to put untrusted data into your HTML documents. Most importantly, never accept actual JavaScript code from an untrusted source and then run it.

Rule # 2 HTML Escape Before Inserting Untrusted Data into HTML Element Content.

This rule applies when we put untrusted data directly into the HTML body somewhere. This includes inside normal tags like div, p, b, td, etc. Always beware of special characters and use HTML entity encoding so that the data cannot switch into a context such as script, style, or event handlers.

Rule # 3 Attribute Escape Before Inserting Untrusted Data into HTML Common Attributes.

This rule is for putting untrusted data into typical attribute values like width, name, value. It should not be used for complex attributes like href or style. Except for alphanumeric characters, escape all characters with ASCII values less than 256 with the &#xHH; format to prevent switching out of the attribute.

Rule # 4 JavaScript Escape Before Inserting Untrusted Data into HTML JavaScript Data Values.

This rule concerns JavaScript event handlers that are specified on various HTML elements. The only safe place to put untrusted data into these event handlers is inside a quoted "data value". Except for alphanumeric characters, escape all characters less than 256 with the \xHH format to prevent switching out of the data value into the script context or into another attribute. Do not use any escaping shortcuts like \" because the quote character may be matched by the HTML attribute parser, which runs first.

Rule # 5 CSS Escape Before Inserting Untrusted Data into HTML Style Property Values.

This rule applies when we put untrusted data into a CSS file or style tag. CSS is powerful and can be used for numerous attacks. Therefore it is very important that we only use untrusted data in a property value and not in other places in style data.
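
The encoders described in Rules 2, 3 and 4, as an added example that is not part of the original essay. The function names, the `show` handler and the sample inputs are constructed for illustration, and the character set used for Rule 2 is an assumption because the essay does not list it.

```javascript
// Added example: encoders for Rules 2-4. All names here are illustrative.

// Rule 2: HTML entity encoding for element content. The essay does not list
// the characters; & < > " ' is the set assumed for this sketch.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ENTITIES[c]);
}

// Rules 3 and 4 share one shape: keep alphanumerics, rewrite every other
// character below 256 as a two-digit hex escape in the context's own format.
function encodeBelow256(s, format) {
  return Array.from(String(s), (ch) => {
    const cp = ch.codePointAt(0);
    if (cp >= 256 || /^[A-Za-z0-9]$/.test(ch)) return ch;
    return format(cp.toString(16).toUpperCase().padStart(2, '0'));
  }).join('');
}
const escapeAttr = (s) => encodeBelow256(s, (hh) => `&#x${hh};`);   // Rule 3
const escapeJsValue = (s) => encodeBelow256(s, (hh) => `\\x${hh}`); // Rule 4

// The shortcut Rule 4 warns against: the raw quote character is still in the
// output, so the HTML attribute parser, which runs first, can match it.
const shortcutEscape = (s) => String(s).replace(/"/g, '\\"');

// Constructed inputs, one per output context.
const samples = { body: '<script>x</script>', attr: 'a" onfocus="x', js: 'a";x//' };

// Place each value in its context using the encoder that matches that context.
function render(input) {
  return {
    body: `<p>${escapeHtml(input.body)}</p>`,
    attr: `<input name="${escapeAttr(input.attr)}">`,
    handler: `<a onclick="show('${escapeJsValue(input.js)}')">x</a>`,
  };
}

console.log(render(samples));
console.log('shortcut leaves a raw quote:', shortcutEscape(samples.js).includes('"'));
```

Each encoder is only safe in the context it was written for: the Rule 2 output is not sufficient inside an event handler, and the Rule 4 output is not HTML.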

(Q3) What are the similar threats?

Confidentiality Threats

Disclosure of arbitrary data (entered) in HTML forms

Disclosure of all text typed in an entire web application

File system reconnaissance

File content disclosure

Port Scanning

Application reconnaissance (spidering)

Vulnerability scanning.

Password cracking.

Privilege Threats

Exploit pushing (GET and POST requests to any Web server)

Digital identity theft

Digital identity forcing

Spoofing Threats

Hoaxes (Script code can change HTML content at runtime)

Phishing (Attackers can embed false content in a web page)

Tampering Threats

File content manipulation (files are stored on the LAN and the attacker modifies the content on the LAN)

Server / Device reconfiguration (Port scanning detection)

Malware distribution (an attacker creates a new virus file with ActiveX commands)
