Prevent cross site scripting attack to protect app
Cross site scripting is referred to as XSS. A cross site scripting attack is made against a web app when script code is passed to your form processing script and hijacks your output. It is a big security problem in PHP web apps. Let's take a look at what cross site scripting is and how to prevent it.
Cross site scripting usually takes advantage of sites that display user submitted data. Any data you get from your users and display could potentially be corrupt and cause visitors to your site to be vulnerable to a hacker, and hence we need to prevent cross site scripting.
Using an XSS attack, a hacker can do any number of things. One of the worst is to redirect your result page to a page on a site under their control that might ask the user for further information. Your user might not notice that he is no longer on your site, and since he trusts your site he might willingly submit sensitive information directly to the attacker's server. There are other, even more insidious things the attacker could do, including stealing cookies or presenting the user with a screen that appears to be a login screen; as soon as the user logs in, the attacker has his username and password and can pretend to be him back on the original site. Hence cross site scripting attacks need to be prevented, and preventing XSS is mandatory to protect PHP based web applications.
So how do you avoid cross site scripting attacks on your web applications?
Fortunately, if you are validating your data you are already on the road to protecting your applications.
Validate everything to prevent cross site scripting
Any data that you receive, such as form input, needs to be validated so that hacker code is detected before it can harm your applications. If you assume the data is bad until you prove that it is not, you will be much safer. This is step one to prevent cross site scripting and XSS attacks.
Built in PHP functions can help to prevent cross site scripting
Use built in PHP functions such as strip_tags() to help you sanitize external data. strip_tags() is a great function that removes any HTML tags from a string. So if you use strip_tags() on Ethel's $_POST['name'] you will end up with this:
window.location='http://ethelrulez.com'
While this is still not a name, it would not actually redirect the browser, because the important JavaScript tags have been removed.
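The strip_tags() step above, worked through in code. This is an added example and not code from the original post: the value of $_POST['name'] is a constructed stand-in for what Ethel submitted, and the helper name cleanForHtml() is hypothetical. It also adds the caveat a practitioner would want here: stripping tags removes the script, but the value still has to be encoded with htmlspecialchars() for the HTML context it is printed into.

```php
<?php
// Added example (not code from the original post). It reproduces the
// strip_tags() step described above on a constructed value for $_POST['name']
// and then encodes the result with htmlspecialchars() before it is echoed,
// because stripping tags alone does not make a string safe to print into HTML.

// Constructed attacker input: the value Ethel submitted in the name field.
$ethelsName = "<script>window.location='http://ethelrulez.com'</script>";

// Step 1: strip_tags() removes the <script> and </script> tags but keeps the
// text between them. The JavaScript can no longer run, but the leftover text
// is still not a name, which is why validation (below in the post) still matters.
$stripped = strip_tags($ethelsName);

// Step 2: encode the value for the HTML context it will be printed into.
// ENT_QUOTES also encodes single quotes; the charset must match the page's.
$safeForHtml = htmlspecialchars($stripped, ENT_QUOTES, 'UTF-8');

echo "<p>Welcome, " . $safeForHtml . "</p>\n";

// The same two steps as a reusable helper for any form field (hypothetical name).
function cleanForHtml(string $userInput): string
{
    return htmlspecialchars(strip_tags($userInput), ENT_QUOTES, 'UTF-8');
}

echo cleanForHtml($ethelsName), "\n";
```

Run it from the command line with `php example.php` to see the stripped-and-encoded value; note that strip_tags() only removes things that look like tags, so the htmlspecialchars() call on output is the step that actually makes the string inert in a page.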
Data is guilty until proven innocent
To prevent cross site scripting, start with the most restrictive validation you can, and then only ease up if you have to. For example, if you begin by accepting only numbers in a phone number field and later start allowing dashes or parentheses, you will be much safer than if you had allowed any alphanumeric characters in the first place. Or, in the case of Guitar Wars, if we do not allow anything except letters in the name field, we will never even get the less-than sign (<) that opens Ethel's evil JavaScript code. Keep this in mind if you want to prevent cross site scripting attacks.
Regular expressions can go a long way toward making sure only the exact data you want is allowed. All these steps need to be taken to prevent cross site scripting attacks and protect PHP based applications.
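Whitelist validation with regular expressions in the "guilty until proven innocent" style described above, as an added example that is not part of the original post. The field names, the constructed $_POST arrays and the function names are assumptions for illustration; the phone rule is shown at two levels of strictness to mirror the "start restrictive, then ease up" advice.

```php
<?php
// Added example (not from the original post). Each field accepts only the
// exact characters it needs; everything else is rejected before it can reach
// the page. Field names and the constructed submissions are assumptions.

// Most restrictive first: a name is letters and spaces only, 1-50 characters.
// Because '<' is not in the allowed set, Ethel's <script> never gets through.
function isValidName(string $name): bool
{
    return preg_match('/^[A-Za-z ]{1,50}$/', $name) === 1;
}

// Phone, strictest version: exactly ten digits and nothing else.
function isValidPhoneStrict(string $phone): bool
{
    return preg_match('/^[0-9]{10}$/', $phone) === 1;
}

// Phone, eased up only as far as needed: optional parentheses around the
// area code, an optional space or dash after it, and an optional dash before
// the last four digits. Still nothing but digits, ( ), space and -.
function isValidPhoneRelaxed(string $phone): bool
{
    return preg_match('/^\(?[0-9]{3}\)?[ -]?[0-9]{3}-?[0-9]{4}$/', $phone) === 1;
}

// Validate a whole submission and return the names of the fields that failed.
// An empty array means every field passed its whitelist.
function validateSubmission(array $post): array
{
    $errors = [];
    if (!isValidName($post['name'] ?? '')) {
        $errors[] = 'name';
    }
    if (!isValidPhoneRelaxed($post['phone'] ?? '')) {
        $errors[] = 'phone';
    }
    return $errors;
}

// Constructed submissions: one honest, one from Ethel.
$honest = ['name' => 'Jane Doe', 'phone' => '(555) 123-4567'];
$ethel  = [
    'name'  => "<script>window.location='http://ethelrulez.com'</script>",
    'phone' => '555-1234',
];

var_dump(validateSubmission($honest));
var_dump(validateSubmission($ethel));
```

The honest submission produces an empty error list; Ethel's fails on both fields, the name because of the less-than sign and the phone because it is too short. When a rule is relaxed later, change only the one pattern (here isValidPhoneStrict to isValidPhoneRelaxed) so the rest of the form keeps its tight whitelist.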