All about Cross Site Scripting (CSS / XSS) #HackerSeries

by Kieran, August 17, 2015

Cross Site Scripting is one of the most popular hacking methods used on the web and can be referred to as CSS (not to be confused with Cascading Style Sheets) or XSS.

XSS is only really relevant for dynamic websites, that is, websites that fetch content from a database. Examples of dynamic websites would include those running on WordPress, Drupal or Joomla.

Cross Site Scripting is not dissimilar to SQL injection, in the sense that a hacker ‘injects’ harmful scripts (including JS, VB, HTML) into a dynamic web page. The browser interprets this as a trusted script because, after all, it seems to have come from your website. So it executes the script on the end user’s machine when they unwittingly click on something that looks like a legitimate hyperlink. The script can then access any sensitive information that is stored in your browser (imagine how many saved passwords you have).

So to summarize:

  • XSS is a type of attack that is performed on vulnerable web applications and dynamic websites
  • The intention of an XSS attack is not to harm the website but rather the end user of the website
  • The harmful content is delivered to the users of the website using JavaScript

How do you stop XSS?

If you run a WordPress website then you’ll be very pleased to know that stopping XSS is relatively easy. There are plenty of plugins that have been developed to combat such issues. Take a look at the Sucuri or Smart Filter Security plugins. There are some freemium aspects to the services, but if XSS is a concern, it should be addressed, and paying a small sum for the right plugin may be worth it.
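
Whatever plugin sits in front of a site, the fix inside the application is to encode user-supplied content at the point where it is written into the page. The following is an added example, not code from the original article: the comment record, function names and sample values are constructed for illustration, and it contrasts a vulnerable rendering with a hardened one.

```javascript
// Added example: output encoding for user-supplied content (constructed data).
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that let text break out of HTML element
// content or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Allow only absolute http(s) links; anything else (javascript:, data:,
// relative or malformed input) collapses to a harmless "#".
function safeHref(value) {
  try {
    const url = new URL(String(value));
    return ['http:', 'https:'].includes(url.protocol) ? url.href : '#';
  } catch (err) {
    return '#';
  }
}

// Vulnerable: database content is concatenated straight into the page,
// so the browser parses it as markup that came from the site itself.
function renderCommentUnsafe(c) {
  return `<p><a href="${c.website}">${c.author}</a>: ${c.body}</p>`;
}

// Hardened: every value is validated and encoded for the context it lands in.
function renderCommentSafe(c) {
  const href = escapeHtml(safeHref(c.website));
  return `<p><a href="${href}">${escapeHtml(c.author)}</a>: ${escapeHtml(c.body)}</p>`;
}

// Constructed comment record, as it might come back from the database.
const comment = {
  author: 'Mallory',
  website: 'javascript:alert(1)',
  body: '<script>alert(1)</script>',
};

console.log('unsafe:', renderCommentUnsafe(comment));
console.log('safe:  ', renderCommentSafe(comment));
```

In the hardened output the script tag arrives as inert text and the link target is reduced to `#`, so a click on the author's name does nothing.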


This article was brought to you by Netshock. Netshock is your technology blog, providing technology news, guides and insight.

About The Author
Kieran
My name is Kieran, I love to see how technology can drive business growth. I started the Netshock technology blog as a place to share my thoughts and experiences with a wider audience. I cover all sorts of topics, from marketing to development.