
Cross-Site Attack

Cross-site scripting (also known as XSS) is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. XSS vulnerabilities normally allow an attacker to masquerade as a victim user, to carry out any actions that the user is able to perform, and to access any of the user’s data. If the victim user has privileged access within the application, then the attacker might be able to gain full control over all of the application’s functionality and data.

According to MITRE-SANS, almost 40 percent of all cyber-attacks in 2019 were performed using cross-site scripting, making it hackers’ favorite attack vector globally. The technique most often used is to inject JavaScript, VBScript, ActiveX, HTML, Flash or any other type of code that can execute. Once the injection succeeds, hackers carry out a variety of malicious attacks including account hijacking, changing of user settings, poisoning, or false advertising. Dynamic websites, which behave and display differently according to the user’s requirements, are the most vulnerable to these attacks.

Preventing cross-site scripting is trivial in some cases but can be much harder depending on the complexity of the application and the ways it handles user-controllable data. ASI’s antivirus application prevents XSS vulnerabilities through a combination of measures: filtering input on arrival, encoding data on output, and using appropriate response headers so that browsers interpret responses in the way you intend. As a last line of defense, the application applies its defined Content Security Policy (CSP) to reduce the severity of any XSS vulnerabilities that still occur.
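
The four measures named above, shown together for a page that echoes a search term back to the user. This is an added example, not ASI's code; the function names (`validateTerm`, `escapeHtml`, `renderSearchPage`), the allow-list pattern and the CSP value are assumptions chosen for illustration.

```javascript
// Added example: hypothetical handler logic for a page that reflects a search term.

// 1. Filter on arrival: allow-list what a search term may look like.
function validateTerm(raw) {
  if (typeof raw !== 'string') return null;
  const term = raw.normalize('NFKC').trim();
  // Letters, digits, spaces and a few punctuation marks, 1 to 64 characters.
  return /^[\p{L}\p{N} .,'-]{1,64}$/u.test(term) ? term : null;
}

// 2. Encode on output: safe for HTML body text and quoted attribute values.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// 3. Response headers so the browser interprets the body as intended,
// 4. plus a CSP that refuses inline script if an encoding step is ever missed.
const SECURITY_HEADERS = {
  'Content-Type': 'text/html; charset=utf-8',
  'X-Content-Type-Options': 'nosniff',
  'Content-Security-Policy':
    "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'",
};

function renderSearchPage(rawTerm) {
  const term = validateTerm(rawTerm);
  if (term === null) {
    // Rejected input is never echoed back, even in the error page.
    return { status: 400, headers: SECURITY_HEADERS, body: '<p>Invalid search term.</p>' };
  }
  // Input that passed the filter is still encoded: the apostrophe is allowed
  // by the filter but would be unsafe inside a single-quoted attribute.
  const safe = escapeHtml(term);
  const body = `<form><input name="q" value="${safe}"></form><p>Results for ${safe}</p>`;
  return { status: 200, headers: SECURITY_HEADERS, body };
}
```

The filter and the encoder are independent layers: the encoder does not rely on the filter having run, so a value that reaches the template by another path is still rendered as text.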

