The most important protection when coding a website. #Cross Site Scripting(XSS)

in #programming3 years ago

The internet is based on a markup language called HTML which is responsible for displaying virually everything on it. But because just beeing able to put graphics, texts and links on your site would be pretty lame, so for interactivity sake javascript was created, and with it one of the biggest vulnerabilities in the coding world. Cross Site Scripting.

What is it?

Cross Site Scripting is the easiest way to break/hack any website. It works by just putting any kind of javacode script into any textbox on a website and seeing if it will execute and if it does the options are limitless.

How does it work?

Cross Site Scripting works if a web developer did a mistake and forgot to turn any < symbol into &lt; the lt in this case stands for less than and if this isn't written down for every text box on your site, people can easily do just about anything on your site from making everything bold to dumping user data. An legal example for testing it would be to put something like this in an input field :


If this makes a text box pop up the developer made a mistake and you should inform him about it, if you continue doing such stuff to the website you might get in trouble. But if you inform him, you should not bother asking him if he'd give you a finders reward. As this could easily create a lot of trouble .


So, what do we learn from this? Be careful of how you code your websites dont forget these : &lt; and if you want to make a few bucks try finding mistakes on other sites (it doesn't work on steemit)

Image Source