XSS Attacks Are One of the Most Common Type and Pose Major Risks to Both Your Users and Website – Learn What They Are and How to Protect Yourself
Editor’s note: This is the first in a series of articles on XSS attacks. We’re starting this week with a broad overview of Cross-Site Scripting and will continue in the next few months with more detailed deep-dives on the specific types of XSS attacks. Stay tuned!
When you imagine a cyberattack, what do you think of, exactly? Many of us will conjure up images of a hacker gaining access to our machine and running rampant once inside. Or perhaps you’ll picture a web application being directly targeted via SQL injection or a similar attack vector. However, one of the most common types of website vulnerabilities targets the visitors of a website instead. We’re talking about Cross-Site Scripting (XSS) attacks, which occur when hackers execute malicious code within the victim’s browser.
Just how common are XSS attacks? For starters they’re a prominent item on the OWASP Top 10 Vulnerabilities list. Since 2014, Cross-Site Scripting vulnerabilities have been the most common type discovered on websites:
The most commonly disclosed vulnerabilities, 2014-2019 (Image Source: State of Open Source Report 2020 by Snyk).
And if that’s not enough, Positive Technologies found in their 2019 report that over two-thirds of all sites they tested contained XSS vulnerabilities:
Amount of vulnerabilities discovered on tested websites (Image Source: Positive Technologies)
XSS attacks can be extremely dangerous to both your visitors and you ..
Support the originator by clicking the read the rest link below.