TI - XSS Street-Fight: The Only Rule Is There Are No Rules
AU - Barnett, Ryan
AB - Attack: XSS • An attacker can send data through a web application that executes code within the victim's web browser • It is an interpreter attack against the web browser. Application defect: improper output handling • The application does not apply contextual output encoding/escaping to user-supplied data. Types: • Reflected, stored and DOM-based. Consequences: • Session hijacking, malware installation, fraud (CSRF). Remediation: contextual output encoding • Data must be escaped differently depending on where it is placed on the page: HTML body, HTML attribute, URL, JavaScript, CSS. Taken from the original text. Review date: 14/12/2016
KW - Computer networks - Security measures - Computer security - Hackers (Computing)
PB - Trustwave
UR - https://repositorio.inci.gov.co/handle/inci/669
ER -
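As an added illustration of the remediation the abstract names (contextual output encoding), the JavaScript below is example code written for this record, not from Barnett's talk or from Trustwave. It places one untrusted string into the five output contexts the abstract lists (HTML body, HTML attribute, URL, JavaScript string, CSS), first by raw concatenation and then through a per-context encoder, so the difference is visible in the rendered markup. The encoders follow the OWASP rule of escaping every character that is not alphanumeric; the `renderProfile` / `renderProfileUnsafe` functions, the attacker payload and the page fragment are constructed for illustration. Encoding happens at output time, at the point where the context is known, never on input.

```javascript
// Added example for the "contextual output encoding" remediation.
// Hand-written for this record; in production use a vetted encoding library.

// Hex entity for one code point, used by the two HTML encoders.
const htmlEntity = (c) => `&#x${c.codePointAt(0).toString(16)};`;

// HTML body: encode everything except alphanumerics and spaces.
function encodeForHTML(s) {
  return String(s).replace(/[^0-9A-Za-z ]/gu, htmlEntity);
}

// HTML attribute: encode everything except alphanumerics (spaces too), and
// the attribute must always be quoted by the template.
function encodeForHTMLAttribute(s) {
  return String(s).replace(/[^0-9A-Za-z]/gu, htmlEntity);
}

// URL query parameter value. Only for parameter values: if untrusted data
// forms the whole href, the scheme must also be validated (http/https).
function encodeForURL(s) {
  return encodeURIComponent(String(s));
}

// JavaScript string literal: \xHH for code points below 0x100, \u{...} above.
// Encoding '<' as \x3c also prevents a "</script>" break-out inside a block.
function encodeForJavaScript(s) {
  return String(s).replace(/[^0-9A-Za-z]/gu, (c) => {
    const cp = c.codePointAt(0);
    return cp < 0x100
      ? `\\x${cp.toString(16).padStart(2, "0")}`
      : `\\u{${cp.toString(16)}}`;
  });
}

// CSS string value: \HH escape with a trailing space so a following hex
// digit cannot be absorbed into the escape.
function encodeForCSS(s) {
  return String(s).replace(/[^0-9A-Za-z]/gu, (c) => `\\${c.codePointAt(0).toString(16)} `);
}

// The defect the abstract describes: user data concatenated into every context.
function renderProfileUnsafe(name) {
  return [
    `<p>Hello ${name}</p>`,
    `<input value="${name}">`,
    `<a href="/search?q=${name}">search</a>`,
    `<script>var user = '${name}';</script>`,
    `<style>.u::after { content: '${name}'; }</style>`,
  ].join("\n");
}

// The remediation: the same template with the encoder chosen per context.
function renderProfile(name) {
  return [
    `<p>Hello ${encodeForHTML(name)}</p>`,
    `<input value="${encodeForHTMLAttribute(name)}">`,
    `<a href="/search?q=${encodeForURL(name)}">search</a>`,
    `<script>var user = '${encodeForJavaScript(name)}';</script>`,
    `<style>.u::after { content: '${encodeForCSS(name)}'; }</style>`,
  ].join("\n");
}

// Constructed attacker input that closes an attribute and injects a script.
const PAYLOAD = '"><script>alert(1)</script>';

console.log(renderProfileUnsafe(PAYLOAD)); // reflected XSS in every context
console.log(renderProfile(PAYLOAD));       // inert in every context
```

The point of the five separate functions is that one encoder is not enough: HTML-entity encoding inside a `<script>` block does nothing, because the script context does not decode entities, while `\x3c` inside an HTML attribute would be rendered literally. Pick the encoder by where the data lands, and do not place untrusted data in contexts that have no safe encoder (an unquoted attribute, an event handler, a `url()` in CSS).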