OWASP Top 10 - #1 - Cross Site Scripting (XSS)
In another post, I said I would talk about the OWASP Top 10, which is a list of the 10 most dangerous current Web application security flaws. This list, interestingly, is built into both the PCI DSS standard as well as Shared Assessments.
#1 on the OWASP Top 10 is Cross Site Scripting (XSS), which, per OWASP is:
whenever an application takes user supplied data and sends it to a web
browser without first validating or encoding that content. XSS allows
attackers to execute script in the victim's browser which can hijack
user sessions, deface web sites, possibly introduce worms, etc.
For more information on XSS, check out this nice FAQ.
In the next post we will cover #2 on the Top 10.
DID YOU KNOW? Shared Assessments' Application Vulnerability Assessment actually contains 11 attributes. Can you name #11?
#1 on the OWASP Top 10 is Cross Site Scripting (XSS), which, per OWASP is:
whenever an application takes user supplied data and sends it to a web
browser without first validating or encoding that content. XSS allows
attackers to execute script in the victim's browser which can hijack
user sessions, deface web sites, possibly introduce worms, etc.
For more information on XSS, check out this nice FAQ.
In the next post we will cover #2 on the Top 10.
DID YOU KNOW? Shared Assessments' Application Vulnerability Assessment actually contains 11 attributes. Can you name #11?