AllFreePapers.com - All Free Papers and Essays for All Students
Search

Javascript Case

Autor:   •  April 27, 2013  •  Essay  •  326 Words (2 Pages)  •  985 Views

Page 1 of 2

A common JavaScript-related security problem is cross-site scripting (XSS). In case of XSS, it is naturally considered that it is a disruption of the same-origin policy. XSS is a security exploit in which the attacker inserts malicious coding into a link that appears to be from a trustworthy source. XSS vulnerabilities occur when an attacker is able to cause a target web site. When someone clicks on the link, the embedded programming is submitted as part of the client's Web request and can execute on the user's computer, typically allowing the attacker to steal information.

To protect against cross-site scripting, security experts have recommend solutions which state that web applications should include appropriate security mechanisms and servers should validate input as a matter of course. A solution to XSS vulnerabilities is to use HTML escaping whenever displaying untrusted data. Besides, some other solutions related to contextual output encoding/escaping of string input have been proposed to minimize this kind of threat.

Another JavaScript security problem is the cross-domain functionality that allows sites to load multiple objects from various sources. When cautions are not taken properly, the use of this function leads to unintentional data leakage. To reduce this issue, expert recommended using a whitelist-based approach when implementing this function. This ensures that anonymous JavaScript cannot be executed through public sub-domains.

Among some other related vulnerabilities, in case of the Universal Cross Site Scripting (UXSS) vulnerabilities are exploited in the browser, commonly used by the Annonymous along with DDoS, rather than in other websites in XSS. There are several classes of vulnerabilities that are related to XSS such as the cross-zone scripting exploits "zone" concepts in certain browsers and usually executes code with a greater privilege. Cross-site request forgery (CSRF/XSRF) is nearly

...

Download as:   txt (2.1 Kb)   pdf (55.1 Kb)   docx (10.5 Kb)  
Continue for 1 more page »