Programmer/Analyst-Expert, University of Missouri
(This was Winner of Best of Track TPR)
or local copy Cross-site Scripting: What Is It, and How Can You Protect Your Site from Becoming a Victim?
Same Origin policy: 1 page in 1 tab can’t interact with other page in another tab.
Injection attack: accept exploits the trust for a site
Education sites are the worst for xss.
URL Shorteners are bad: need to be locked down in edu
Three main types:
- non-presistent/reflective – most common, relies on social engineering (GET data)
- persistent/stored – web forums, social media sites (POST data)
- local – less likely but dangerous (html files on your desktop)
” ‘ < abx >
The People directory “search” is not google and thus another company (in house) makes the search – more vulnerable.
How to protect:
Be paranoid. Trust no one. Layers, layers, layers.
Intrusion detection system
Tidy the output
No Script plugin for Firefox.
Look at phped for php editing.