(image by Artur, via Adobe Stock)
In cyber security, attention is concentrated on the new -- zero-day exploits, for example, are big news and big business. But old threats can still cause big problems for organizations, even when the threats are almost old enough to legally have a drink to celebrate their victories.
Cross-site scripting, or XSS, was first described by Microsoft engineers on January 16, 2000. By 2007, it was considered the most common exploit for web-based applications. And in 2020 it is still one of the most common, and dangerous, exploit technique. So what, exactly, is XSS, and why is it still something we worry about today?
XSS Basics
When a user types in a URL, they expect their browser to request data from a server, which will then be sent back to the browser and rendered on the user's screen. In the late 1990s, hackers found that they could use Javascript to cause one web site to be loaded into a frame in a second web site with no visual notification. The first (illicit) web site coold then capture data from a look-alike legitimate form, steal credentials, launch attacks, and do all sorts of other things. Because the attack used a pair of web sites and was launched with a script, the technique became known as cross-site scripting.
Modern web sites have become increasingly complex, and the process for making a ..
Support the originator by clicking the read the rest link below.
