This is the third installment in a series on Web Application Vulnerability Basics.
What Is Cross-Site Scripting?
How Does XSS Work?
For a cross-site scripting attack against a web application to be successful, two conditions must be met. One, the web application needs to accept some form of user input. This is usually data passed in a web request that the web app does not validate correctly. Two, this data is included, without proper sanitization, in the response sent back to the user’s browser, where the attack is then triggered.
There are two types of cross-site scripting attacks: Reflected XSS and Stored XSS.
A reflected XSS attack has no persistence and requires an attacker to trick the victim into submitting a malicious request themselves. Because of this limited scope, a reflected attack is less severe than a stored XSS attack. However, a reflected XSS vulnerability is usually easier to find than a stored XSS vulnerability.
The scope of a stored XSS attack is vast. Anyone visiting a page with an injected XSS payload could have their account compromised, data stolen, session hijacked, and more. Stored XSS attacks can lead to a full compromise of the web application if an administrator’s credentials are stolen. This attack could also be paired with cross-site request forgery to perform actions on behalf of the victim without their knowledge.
XSS Mitigation Techniques
There are a few mitigation techniques that can be utilized to prevent XSS attacks. These techniques are simple but effective, and mainly focus on sanitizing and validating user input.
Restrict and validate user input wherever possible.
If the web application handles markup (input that uses characters similar to HTML), use an HTML sanitization library.
Implement a strict content security policy to limit the scope of a successful XSS attack.
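The second condition above (untrusted input echoed into the response) and the mitigations listed here, shown in working code. This is an added example, not code from the original article: a vulnerable comment renderer beside a hardened one that HTML-encodes values at the point they enter the page, plus a strict Content-Security-Policy header value as defense in depth. The comment page, the untrusted input and the nonce are constructed for illustration.

```javascript
// Encode the five characters that let data break out of an HTML text node or a
// double-quoted attribute value. This is output encoding, the complement to the
// input validation the article recommends; it does not remove anything, so it
// preserves what the user typed while stopping the browser from parsing it as markup.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#x27;");
}

// Vulnerable: the untrusted comment is concatenated straight into the markup, so
// any tags inside it are interpreted by the browser. If the comment came from the
// database this is stored XSS; if it came from the current request, reflected XSS.
function renderCommentVulnerable(author, comment) {
  return `<div class="comment"><b>${author}</b>: ${comment}</div>`;
}

// Hardened: every untrusted value is encoded where it is inserted into the HTML.
function renderCommentSafe(author, comment) {
  return `<div class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(comment)}</div>`;
}

// Defense in depth: a strict CSP that only runs scripts carrying the per-response
// nonce, so an encoding mistake elsewhere still cannot execute an injected script.
// The nonce must be freshly generated by the server for every response (the value
// used below is a constructed placeholder, not a real nonce).
function buildCsp(nonce) {
  return [
    "default-src 'self'",
    `script-src 'nonce-${nonce}' 'strict-dynamic'`,
    "object-src 'none'",
    "base-uri 'none'",
  ].join("; ");
}

// Constructed untrusted input: a comment containing a script tag.
const untrusted = "<script>alert('xss')</script>";
console.log(renderCommentVulnerable("guest", untrusted)); // script tag reaches the browser intact
console.log(renderCommentSafe("guest", untrusted));       // rendered as literal text instead
console.log("Content-Security-Policy: " + buildCsp("PLACEHOLDER_NONCE"));
```

In a real application the encoding step belongs in the templating layer (most modern template engines do it by default), so that no code path can forget it.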
Protecting against XSS attacks is crucial to maintaining a secure web application. Keep XSS attacks in mind while developing and maintaining web applications and verify that XSS mitigation strategies are working as intended.
Justin (he/him) is the founder and CEO of NuHarbor Security, where he continues to advance modern integrated cybersecurity services. He has over 20 years of cybersecurity experience, much of it earned while leading security efforts for multinational corporations, most recently serving as global CISO at Keurig Green Mountain Coffee. Justin serves multiple local organizations in the public interest, including his board membership at Champlain College.