DeveloperDrive.com:
What Web Developers Need to Know About Cross-Site Scripting
October 17, 2011 @ 13:39:23

On the DeveloperDrive.com site there's a recent post that anyone wondering about cross-site scripting should read. It introduces the basic concept and two things you can do to help prevent XSS attacks.

This little fable describes the most common vulnerability found in web sites, the Cross Site Scripting (XSS) attack. According to a report from WhiteHat Security, 83 percent of websites they tested have had at least one serious vulnerability and 66 percent of all websites with vulnerabilities are susceptible to XSS attacks, making it the most common vulnerability web developers face. To fix this, it takes 67 days on average. Tools like WebScarab and Paros Proxy can be used to scan sites for possible vulnerabilities.

They offer two simple pieces of advice that are all too easy to forget when developing applications: validate all user input to ensure it's what it should be, and escape any untrusted output (even sometimes your own!) before pushing it out to the page.
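
The two pieces of advice applied together to a comment form, as an added example that is not code from the DeveloperDrive post or from this site. The field names, length limits and sample values are assumptions. It shows why both steps are needed: the free-text body passes validation and is only made safe by escaping for the context it is printed into.

```php
<?php
declare(strict_types=1);
// Added example; the field names, limits and sample values are assumptions.
/** Validate: accept a field only if it is what it should be. */
function validateComment(array $in): array
{
    $errors = [];
    $email = filter_var($in['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors[] = 'email';
    }
    $name = trim((string) ($in['name'] ?? ''));
    if (preg_match('/^[\p{L}\p{N} ._-]{1,40}$/u', $name) !== 1) {
        $errors[] = 'name';
    }
    // Free text may legitimately contain < > & and quotes, so validation
    // can only bound its size (in bytes); it cannot make it safe to print.
    $body = trim((string) ($in['body'] ?? ''));
    if ($body === '' || strlen($body) > 2000) {
        $errors[] = 'body';
    }
    return [$errors, ['email' => $email, 'name' => $name, 'body' => $body]];
}

/** Escape for HTML element content and quoted attribute values. */
function escHtml(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Encode a value for use inside an inline <script> block. */
function escJs($value): string
{
    return json_encode($value, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS
        | JSON_HEX_QUOT | JSON_THROW_ON_ERROR);
}

// Constructed sample input standing in for $_POST.
$post = [
    'email' => 'reader@example.com',
    'name'  => 'Reader',
    'body'  => 'I liked it </p><script>alert(1)</script>',
];
[$errors, $clean] = validateComment($post);
if ($errors !== []) {
    exit('Invalid fields: ' . escHtml(implode(', ', $errors)) . "\n");
}
echo '<p class="comment">', escHtml($clean['body']), "</p>\n";
echo '<script>var author = ', escJs($clean['name']), ";</script>\n";
```

The HTML escaper and the JavaScript encoder are not interchangeable: each is correct only for the output context named in its comment.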

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework