Security

Analysis of Cross Site Scripting Attack

Download Now Free registration required

Executive Summary

Web applications have become a dominant way to provide access to online services. Simultaneously, web application vulnerabilities are being discovered and disclosed at an alarming rate. Web applications often make use of JavaScript code that is being embedded into web pages to support dynamic client-side behavior. This script code is being executed in the context of the user's web browser. To protect the user's environment from malicious JavaScript code, browsers have being using a sand-boxing mechanism that limits a script to access only resources associated with its origin site. Unfortunately, these security mechanisms do not suffice because a user can be lured into downloading malicious JavaScript code from an intermediate, trusted site.

  • Format: PDF
  • Size: 457.1 KB