
Dynamically Typed:
Cross Site Scripting Could Make You Lose Your Cookies
Jul 18, 2005 @ 18:32:54

Dynamically Typed has this new entry with a bit of information about one of the more deadly (and difficult to detect) issues facing web sites today - Cross Site Scripting (and how it can make you lose your cookies).

Cross Site Scripting (XSS) is a form of security exploit that threatens any web application. Its severity is often underestimated. The problems go far beyond annoyances and practical jokes. By stealing your cookies, Cross Site Scripting attacks can allow attackers to gain administrative access to your CMS.

If a user submits a guestbook entry, a blog comment, or even a username and password, that content could contain all sorts of nasties that need to be filtered out if they are to be displayed in a Webpage. These may be either relatively harmless - for example, practical jokes - or malicious - code that is intended to gain private information in order to break into your system. Typically these 'nasties' are scripts - hence the name 'Cross Site Scripting'.

He goes on to explain what XSS exploits are, describes a few common ones, and covers how to protect yourself from some of the malicious users out there seeking to exploit your site...
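As an added illustration (not code from the Dynamically Typed post), the PHP sketch below renders a guestbook entry first without and then with output encoding, and sets the session cookie so page scripts cannot read it. The function names, the entry layout and the sample entry are assumptions made for this example, and the array form of `session_set_cookie_params()` needs PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

// Encode untrusted text for an HTML element body or a quoted attribute value.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Unsafe: user input is concatenated into markup, so any tags in it
// reach the browser as markup.
function render_entry_unsafe(array $entry): string
{
    return "<h3>{$entry['name']}</h3>\n<p>{$entry['message']}</p>\n";
}

// Safe: every user-supplied field is encoded at output time; nl2br() runs
// after encoding, so the only markup in the result is the <br /> it adds.
function render_entry(array $entry): string
{
    return sprintf(
        "<h3 title=\"%s\">%s</h3>\n<p>%s</p>\n",
        e($entry['name']),
        e($entry['name']),
        nl2br(e($entry['message']))
    );
}

// Defence in depth for the cookie theft the post warns about: an HttpOnly
// session cookie is not exposed to page scripts. Call before session_start().
function harden_session_cookie(): bool
{
    return session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
}

// Constructed sample entry, shown only when run from the command line.
if (PHP_SAPI === 'cli') {
    $entry = [
        'name'    => 'Guest "42" <b>',
        'message' => "Nice site!<script>alert(1)</script>\nSecond line",
    ];
    echo "--- unsafe ---\n", render_entry_unsafe($entry);
    echo "--- encoded ---\n", render_entry($entry);
}
```

In the encoded output the `<script>` and `<b>` tags arrive as `&lt;script&gt;` and `&lt;b&gt;`, and the double quotes in the name become `&quot;`, so they cannot close the `title` attribute.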
