SEO TIPS

2013 SEO Tips

BLOGGER TIPS

Best Blogger Tips

INCREASE TRAFFIC

Expert Tips To increase traffic

ONLINE TOOLS

100 Online Tools

INCREASE INDEX RATE

Increase your google index rate

IMPROVE ALEXA RANK

Improve alexa rank

SEO TOOLS

51 SEO Tools

PHP SCRIPT

Essential PHP Scripts

Prevent cross site scripting attack to protect app

Cross site scripting is referred to as XSS.Cross site scripting attack is done to web app where script code is passed to your form processing script and hijacks your output. It is a big security problems in php web apps. let’s take a look for preventing xss scripting, what it is and how to prevent cross site scripting .

Prevent cross site scripting attack to protect app
Prevent cross site scripting attack to protect app


Cross site scripting usually takes advantage of sites that display user submitted data. Any data you get from your users and display could potentially be corrupt and cause visitors to your site to be vulnerable to a hacker.and hence we need to prevent cross site scripting.

Using an xss Attack or cross site scripting attack , a hacker can do any number of things. One of the worse it to redirect your result page to a page on a site under their control that might ask the user for further information. Your user might notice that he is no longer on your site. And since he trusts your site and since he trusts your site he might willingly submit sensitive information directly on the attackers’ server. There are other, even more insidious things that she could do, including cookies or presenting the user with a screen that appeared to be a login screen, as soon as the users log in. she has his username and password and can pretend to be him back on the original site. And hence cross site scripting attack need to be prevented. Therefore preventing xss scripting is mandatory to prevent cross site scripting attack to protect php based web applications.

So how do you avoid cross site scripting attacks on your web applications and prevent xss scripting

Fortunately if you are validating your data you are already on the road to protecting your applicatiations.

Validating everything to prevent cross site scripting

Any data that you receive such as form input needs to be validated so that hacker code is detected before it can harm your applications. If you assume the data is bad until you, prove that it is not enough validation you will be much safer and hence a step one to prevent cross site scripting and xss attack

Built in PHP functions can help to prevent cross site scripting

Use build in PHP functions such as strip_tags() to help you sanitize external data.strip_tags() is a great function that removes any html tags from a string. So if you use strip_tags() on ethel’s $_post[‘name’] you will end up this

Window.location=’http://ethelrulez.com’

While this is still not a name. It would not actually redirect the browser the important JavaScript tags have been removed.

Data is guilty until proven innocent

To prevent cross site scripting Start with the most restrictive validation you can, and then only ease up if you have to, For example if you begin by accepting only numbers in a phone number field then start allowing dashes or parentheses , you will be much safer than if you allowed any alphanumeric characters in the first place. Or in the case of guitar wars if we do not allow anything except letters in the name field, we will never even get the less than sign (<) that opens Ethel’s evil JavaScript code.so keep in mind if you want to prevent cross site scripting attack or xss attack.

Regular expressions can go a long way toward making sure only the exact data you want is allowed.All these actions need to be taken to prevent cross site scripting attack and preventing xss scripting to protect php based applications.

Incoming Search Terms


cross site scripting test
cross site scripting error
cross domain scripting
prevent cross site scripting
preventing cross site scripting
cross site scripting attack
how to prevent cross site scripting
xss scripting
preventing xss
xss cross
attack xss

Prevent cross site scripting attack 



0 comments :