Client-Side Cross-Site Scripting Protection

Executive Summary

Web applications are becoming the dominant way to provide access to online services. At the same time, web application vulnerabilities are being discovered and disclosed at an alarming rate. Web applications often make use of JavaScript code that is embedded into web pages to support dynamic client-side behavior. This script code is executed in the context of the user's web browser. To protect the user's environment from malicious JavaScript code, browsers use a sandboxing mechanism that limits a script to accessing only resources associated with its origin site. Unfortunately, these security mechanisms fail if a user can be lured into downloading malicious JavaScript code from an intermediate, trusted site.

  • Format: PDF
  • Size: 365.3 KB