Today, most security breaches online occur through the application rather than the server. The majority of web application attacks occur through cross-site scripting (XSS) and SQL injection attackswhich typically result from flawed coding, and failure to sanitize input to and output from the web application.
In this blog I will be discussing these two attacks and methods on how to counter them.
Cross Site Scripting (XSS)
Cross-site scripting (XSS) is an injection attack which is carried out on Web applications that accept input, but do not properly separate data and executablecode before the input is delivered back to a user’s browser.
Like all injection attacks, XSS takes advantage of the fact that browsers can’t tell valid markup from attacker-controlled markup, they simply execute whatever markup text they receive. The attack circumvents the Same Origin Policy (SOP), a security measure used in Web browser programming languages…
View original post 1,335 more words