XSS Attacks Types on Web
source link: https://dev.to/obetomuniz/xss-attacks-types-on-web-36mh
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Know how each Cross-Site Scripting Attack behaves is crucial to start to think about how vulnerabilities in our web apps allow malicious codes to be executed using the browser to take sensible data from users.
That's what this article is about.
π Reflected XSS
π This attack XSS use URL parameters or data submitted via POST in forms to inject malicious code on that server request that persists some data for later execution in the browser. Third-party Browser extensions could even be an access point to inject such a malicious code.
π Stored XSS
π This attack XSS happens when malicious code is persisted by the attacker directly in the server-side of the web app and is executed by the user (victim) when she accesses the infected application.
π DOM XSS
π This attack XSS happens when the application manipulates the DOM incorrectly, opening breaches to malicious scripts sent by URL parameters to inject malicious code.
π The question is... How to defend against attacks XSS?
π There's no formula - A system security is always dependent on that system context, keep this in mind, but there are practices against well-known XSS attacks to stay updated about XSS attacks.
π Start reading about Content Security Policy, Mozilla Observatory, OWASP recommendations, and signing up my newsletter. As a web security lover, I always talk about it.
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK