paint-brush
Types of Cross-Site Scripting(XSS) Attacksby@obetomuniz
227 reads

Types of Cross-Site Scripting(XSS) Attacks

by Beto MunizMay 21st, 2021
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

The question is... How to defend against attacks XSS? There's no formula - A system security is always dependent on that system context, keep this in mind, but there are practices against well-known XSS attacks. Start reading about Content Security Policy, Mozilla Observatory, OWASP recommendations, and signing up my newsletter. Additionally, start reading about content Security Policy and Mozilla Observatory recommendations. The author of this article, Dev.to, is a web security lover who talks about web security.

Company Mentioned

Mention Thumbnail
featured image - Types of Cross-Site Scripting(XSS) Attacks
Beto Muniz HackerNoon profile picture

Know how each Cross-Site Scripting Attack behaves is crucial to start to think about how vulnerabilities in our web apps allow malicious codes to be executed using the browser to take sensible data from users.

That's what this article is about.

🔓 Reflected XSS

📌 This attack XSS use URL parameters or data submitted via POST in forms to inject malicious code on that server request that persists some data for later execution in the browser. Third-party Browser extensions could even be an access point to inject such a malicious code.

🔓 Stored XSS

📌 This attack XSS happens when malicious code is persisted by the attacker directly in the server-side of the web app and is executed by the user (victim) when she accesses the infected application.

🔓 DOM XSS

📌 This attack XSS happens when the application manipulates the DOM incorrectly, opening breaches to malicious scripts sent by URL parameters to inject malicious code.

🔓 The question is... How to defend against attacks XSS?

📌 There's no formula - A system security is always dependent on that system context, keep this in mind, but there are practices against well-known XSS attacks to stay updated about XSS attacks.

👉 Start reading about Content Security PolicyMozilla Observatory, OWASP recommendations, and signing up my newsletter. As a web security lover, I always talk about it.

Also published on Dev.to