What Exactly Is A JS Injection Worm?

There are now so many ways that a black hat hacker can attack a system that it is hard for even the most experienced security experts to know about all of them.

So if you are expecting the average programmer to know about every way that a system can be attacked in their code then you will be disappointed.

This is why if you are a programmer you must start to read as much as you can about protecting the web sites that you create.

You can start here by learning about JS injections.

The more that JavaScript is used for everyday interactions with our web sites, the more we are going to start to see these types of attacks.

I will tell you what they are and how you can prevent them from happening to you.


What Is A JS Injection Attack?

When you talk about an injection attack you are talking about an attacker's ability to place SQL or executable JavaScript in the text boxes on the web site that you create.

When you create a form you usually create some form of text box and a submit button.

When the submit button is hit, the data that is in the text box goes to a page that usually has server side code in it, and it is processed on the server.

If the attacker is able to place code on there that will execute on the server then they can make it do things that it was not supposed to do.

So with a JS injection worm the code is processed on the page and a Worm is activated.

A Worm is a certain kind of malware that propagates itself from server to server.

The injection could be a Worm attack but it could also be, as I said before, an SQL attack which would do something bad to the database that you have on the system.

How Do You Stop This Type Of Attack On Your Server?

If you want to be sure that this does not happen to you then you should make sure that all of the places where a user can input data are properly sanitized.

That means that only the type of data that you allow will be able to get through to the server or the JavaScript engine of the browser.

You must make sure that you protect the input forms from both client side and server side attacks.

That means that the JavaScript code that you use must be sanitized as well as the server side code that you use.

If you close one and not the other then you still leave yourself open to attack.

It is easier to protect yourself from both types of attacks in the beginning.

Make sure that you follow security procedures whenever you create a form on a web page.

If not then your web site can come under attack as well.
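
The allowlist approach described above, as an added example that is not part of the original post: one set of rules that the browser script and the server side handler can both run, plus output encoding for free text. The field names, rules and sample values are assumptions constructed for illustration.

```javascript
// Added example. Field names and limits below are constructed, not from the post.
// Each field lists exactly what is allowed; everything else is rejected.
const RULES = {
  username: { pattern: /^[A-Za-z0-9_]{3,20}$/, maxLength: 20 },
  age: { pattern: /^[0-9]{1,3}$/, maxLength: 3 },
  // Free text: any printable content, but no control characters.
  comment: { pattern: /^[^\u0000-\u0008\u000B\u000C\u000E-\u001F]*$/, maxLength: 500 },
};

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Run this in the browser for quick feedback AND again on the server,
// because a request can be sent without ever loading the page's script.
function validateForm(fields) {
  const errors = [];
  for (const [name, value] of Object.entries(fields)) {
    if (!has(RULES, name)) { errors.push(`${name}: unexpected field`); continue; }
    if (typeof value !== "string") { errors.push(`${name}: not a string`); continue; }
    const rule = RULES[name];
    if (value.length > rule.maxLength || !rule.pattern.test(value)) {
      errors.push(`${name}: rejected`);
    }
  }
  for (const name of Object.keys(RULES)) {
    if (!has(fields, name)) errors.push(`${name}: missing`);
  }
  return { ok: errors.length === 0, errors };
}

// Free text cannot be restricted to "safe" characters, so it is encoded
// at the moment it is written into HTML and the browser shows it as text.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Constructed sample submission: markup in a field that should be a plain name.
const sample = { username: "alice<script>", age: "34", comment: "<script>alert('x')</script>" };
console.log(validateForm(sample));       // username fails the allowlist
console.log(escapeHtml(sample.comment)); // comment is rendered inert on output
```

Validation decides what is accepted; encoding decides how accepted text is displayed. The comment field passes validation here and is only made harmless by `escapeHtml` when it is written into a page.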

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.
