Security Xss Danger
Security - Cross Site Scripting - Dangers of XSS attacks:

1. Session Compromise: An attacker can use XSS to send themselves the contents of any cookies for the site (that are not marked with an HttpOnly flag). This most often means session cookies, which can be used to gain access to the user's account and data.
2. Arbitrary Requests: You'll learn about this attack in a later section, but XSS bypasses CSRF protections and lets the attacker send requests to the web server masquerading as the user.
3. Malware Download: XSS can prompt the user to download malware. Since it looks like a legitimate request from the site, the user may be more likely to trust the request and actually install the malware.
4. Log Keystrokes: The attacker can monitor keyboard entries, possibly finding usernames and passwords.

As you can imagine, the above items, when taken together, can often be used to fully compromise the user's account. If the attack is used against a system administrator, the attacker may gain a large amount of additional access.
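Item 1 depends on cookies that lack the HttpOnly flag. The following is an added example, not part of the original page: a small audit that parses Set-Cookie response headers and lists the cookies page script could still read. The function names and the sample headers are constructed for illustration.

```javascript
// Parse one Set-Cookie header into its cookie name and attribute map.
// Attributes are matched by name, case-insensitively, so a cookie whose
// *value* happens to contain the text "HttpOnly" is not mistaken for a
// protected cookie (a plain substring search would get this wrong).
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const first = parts.shift() || '';
  const eq = first.indexOf('=');
  if (eq < 1) return null; // no name=value pair
  const attrs = new Map();
  for (const p of parts) {
    const i = p.indexOf('=');
    const key = (i === -1 ? p : p.slice(0, i)).trim().toLowerCase();
    attrs.set(key, i === -1 ? '' : p.slice(i + 1).trim());
  }
  return { name: first.slice(0, eq).trim(), attrs };
}

// Return the names of cookies that lack HttpOnly and are therefore
// exposed to document.cookie if an XSS flaw exists on the site.
function scriptReadableCookies(setCookieHeaders) {
  const exposed = [];
  for (const header of setCookieHeaders) {
    const cookie = parseSetCookie(header);
    if (cookie && !cookie.attrs.has('httponly')) exposed.push(cookie.name);
  }
  return exposed;
}

// Constructed sample response headers (not taken from a real site).
const SAMPLE_HEADERS = [
  'sessionid=abc123; Path=/; Secure',        // no HttpOnly: exposed
  'csrftoken=xyz; Path=/; httponly; Secure', // lower-case attribute: protected
  'theme=HttpOnly; Path=/',                  // "HttpOnly" is the value: exposed
  'auth=dG9rZW4=; HTTPONLY',                 // "=" inside the value: protected
];

console.log(scriptReadableCookies(SAMPLE_HEADERS));
```

HttpOnly only addresses item 1: requests sent by injected script from the user's browser still carry the cookie, so items 2 to 4 are unaffected by the flag.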
page revision: 0, last edited: 01 Jan 2017 21:56