Is Your Web Site XSS Proof?

If you are the owner of a web site then you know that there are many threats that you have to deal with on a regular basis.

From people trying to DDoS your web site to someone trying to steal data from your users, if it is not one thing then it is another in the daily life of a webmaster.

This is why you or someone on your staff should be able to find and remove the vulnerabilities that might be on the site itself.

To do this, you need to be able to recognize code that is bad on the web site.

Of course, I know that a lot of people who have web sites do not know how to code in JavaScript or any of the other languages, and may know only a little HTML.

If this is you, then you should find someone who will be able to find out these details for you.

It is better to be safe than sorry when it comes to the clean operation of your web site.

XSS Attacks

The main threat that you have to worry about on your web site these days is someone pulling an XSS attack on your site.

An XSS attack is a Cross Site Scripting attack, and it allows the attacker to inject malicious code into the pages that your users view.

Once the code is activated it can do different things, like change the data in your cookies, give the attacker access to pages that only a logged-in user is supposed to see, and, worse, steal information from your users.

All of this is possible because the attack lets a person bypass the normal security measures that a browser applies when a script from another web site tries to run on the page that the user is visiting.

Attacks such as these are the reasons the browser companies agreed to a mandated way to handle scripts coming from another web page.

So to make sure that this attack does not affect your users, you should have an audit of your code at least once a year.

If you know how to check the code yourself, then you should do it on sensitive portions of the web site at least once a month.

Check the forms on your page and make sure that they are filtering out the data that they are supposed to filter.

You do not want the input part of your form to be able to inject JavaScript into your web page.
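
Here is one way to check that, as an added example that is not code from the original post. The two render functions, the probe string and the helper names are hypothetical stand-ins for your own form-handling code; the probe is an inert marker, not a script.

```javascript
// Characters that let text break out of an HTML text or attribute context.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode user input on output, in a single pass so '&' is not double-encoded.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hypothetical "before": the comment field is pasted into the page as-is.
function renderCommentUnsafe(comment) {
  return '<p class="comment">' + comment + '</p>';
}

// Hypothetical "after": same template, with the input encoded first.
function renderCommentSafe(comment) {
  return '<p class="comment">' + escapeHtml(comment) + '</p>';
}

// Constructed audit probe: a unique marker plus every HTML metacharacter.
const PROBE = 'xss-audit-7f3a<b data-x="1">\'&';

// Submit the probe through a render function and classify what comes back.
function auditRender(render) {
  const html = render(PROBE);
  if (html.includes(PROBE)) {
    return 'VULNERABLE: input reflected without encoding';
  }
  if (html.includes(escapeHtml(PROBE))) {
    return 'OK: input reflected HTML-encoded';
  }
  // The form may strip or rewrite characters; a person has to look at it.
  return 'UNKNOWN: probe not found in output, inspect manually';
}

console.log('unsafe template ->', auditRender(renderCommentUnsafe));
console.log('safe template   ->', auditRender(renderCommentSafe));
```
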

While you are at it, make sure that you check that your code is sanitizing input against MySQL attacks as well.

An XSS attack on your users can cause you and them a lot of pain.

They will not know that someone else attacked their computer and they will blame it on you.

You can avoid the trouble by making sure that you have someone look at your code on at least an annual basis.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.
