Home » Threats » Cross-Site Scripting Attack

SQL-injection attack

Cross-Site Scripting (XSS) is a type of attack that enables intruders to inject client-side script into a website and execute it in the user web browser. Susceptibility to this type of attack is due to incorrect processing and filtering of user supplied data. The task of implementing correct and complete content filter functions is very difficult, if not impossible. By finding ways of injecting malicious scripts into websites, an intruder can gain elevated access privileges to sensitive page content, session cookies, and a variety of other information stored by the browser on behalf of the user.
SiteDefensor mitigates XSS attacks by setting appropriate attributes for session cookies so that they cannot be accessed through client-side scripts. At the same time this approach does not interfere with normal functioning of the website.
 
Copyright © 2011-2015 FINESEC Sp. z o.o.
HTML design by: webmania.pl