Cross-Site Scripting (XSS)
Cross-Site Scripting (XSS) is a vulnerability that occurs when a web application includes unsanitized, user-controlled input in a page it returns to the browser, so that the browser interprets attacker-supplied text as HTML or JavaScript and runs it in the context of the application's origin.
Three types of XSS attacks are:
- Stored XSS: when a server saves an attacker's input into its datastores and later includes it in pages served to other users.
- Reflected XSS: when a user's input (for example a query parameter) is immediately returned in the response without encoding, so the attacker must get the victim to open a crafted link.
- DOM-Based XSS: when client-side JavaScript reads attacker-controlled data (such as location.hash) and writes it into the DOM through a sink like innerHTML; the server never sees the payload, and an attacker can inject arbitrary code.
The following examples show HTML tags and event handlers that attackers use to inject dangerous input; each one runs JavaScript (here a harmless alert) as soon as the browser parses it:
<script>alert(1);</script>
<img src="X" onerror=alert(1);>
<b onmouseover=alert(1)>click me!</b>
<body onload=alert('test1')>
Preventing Cross-Site Scripting
XSS is mitigated by treating all user-controlled data as untrusted and encoding it for the context it is written into, preferably with the escaping functions of the framework or templating engine rather than hand-written ones. One approach is to remove potentially dangerous keywords (such as script) or potentially dangerous characters such as <, >, &, " and '. Removing keywords is a weak defence on its own: a blocklist misses payloads that use other tags or event handlers (the img and body examples above contain no script keyword at all), and a filter that strips a keyword only once can be bypassed by nesting it.
Rather than remove characters, the more reliable approach is to replace them with their HTML-encoded versions. For example, the < character is converted to the string &lt;, which the browser displays as text instead of parsing as the start of a tag.
Cross-Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) is a serious vulnerability that results from poor session management. Browsers automatically attach a site's cookies, including the session cookie, to requests sent to that site even when the request is triggered by a page on another site. If the state-changing requests an application accepts contain nothing the attacker cannot predict, an attacker can craft a page or link that issues such a request and send it to a user. If the user opens it while logged in and the application trusts the cookie alone, the request is processed as if the user had made it, and the attacker can make changes on the user's behalf.
CSRF tokens are one way to prevent CSRF attacks: the server embeds an unpredictable, per-session token in each of its own forms and rejects any state-changing request whose token does not match the one bound to the user's session. A page on another origin cannot read that token, so it cannot forge a valid request. Setting the SameSite attribute on the session cookie adds a second, independent layer of protection.