Many developers tend to have a bit of arrogance about them.
They grew up thinking that they were among the best when it came to computers and that they knew everything there is to know about the machines.
They have taken them apart and put them back together, many times.
They did all of this while also studying computer science, so they think that they have all the basics when it comes to the computer.
They translate this knowledge of the computer into a false sense of security that they know all of the ways that a computer can be exploited as well.
Since they know the machine so well, this means that they know all of the ways that it can be broken.
This is far from the case.
It takes a special kind of person to be able to find all of the loopholes in a system.
No matter how well you know the system, if you are not that type of person, then you will still leave holes in your code.
This is why there are still new web pages being built that allow an XSS attack to slip through.
What is an XSS attack?
An XSS attack is another way to say cross-site scripting attack.
The natural abbreviation of cross-site scripting would be CSS, but that term is already used elsewhere in computing, so, to make it less confusing, it was labeled XSS.
A cross-site scripting attack allows an attacker to place script on a web page that was not there already.
Once the script is planted on the page, it is able to bypass certain browser security measures.
This would lead to a lot of exploits being developed against the client side, the visitor's browser.
To stop this from happening, browsers came up with a rule called the "same-origin policy".
This meant that a script could not act on a page unless it was coming from the same site as the web page that the visitor was on at the time.
With an XSS attack, the bad guy is able to bypass this restriction, because the injected script is served as part of the page itself.
This has been a problem for a while, but for the most part it has been fixed.
With certain filters put into the forms of a page, developers are able to stop the attacks from happening.
So this leads to the question, why does it still happen?
The fact is that there are a lot of developers who still do not know what an XSS attack is or how it can be stopped.
Not everyone who is a developer is a computer whiz.
There is a good portion of the developer audience that knows how to do the basics and not much more.
This is why we still see new web pages that are vulnerable to this type of attack.
The solution to the XSS problem
If you are going to have a person develop a new webpage for you, make sure that they understand basic security principles as well.
If not, then your site can pay the cost later on down the line.
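The kind of filtering mentioned earlier, shown as an added example that is not part of the original article: a comment renderer that pastes form input straight into the page, next to a hardened version that encodes each value for the place it lands in. The function names and the sample input are constructed for illustration.

```javascript
// Added example: hypothetical function names, constructed sample input.

// Escape the five characters that let text break out of HTML element
// content or a quoted attribute value.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Escaping alone does not make a link safe: a URL can carry script in its
// scheme, so only absolute http(s) URLs are allowed through.
function safeHref(url) {
  try {
    const parsed = new URL(String(url));
    if (parsed.protocol === 'http:' || parsed.protocol === 'https:') {
      return parsed.href;
    }
  } catch (err) {
    // Not a parseable absolute URL: fall through to the placeholder.
  }
  return '#';
}

// Vulnerable: visitor input is pasted straight into the markup.
function renderCommentUnsafe(name, website, comment) {
  return '<div class="comment"><a href="' + website + '">' + name + '</a>: ' + comment + '</div>';
}

// Hardened: every value is encoded for the context it is written into.
function renderCommentSafe(name, website, comment) {
  return '<div class="comment"><a href="' + escapeHtml(safeHref(website)) + '">' +
    escapeHtml(name) + '</a>: ' + escapeHtml(comment) + '</div>';
}

// Constructed sample input, as a comment form might submit it.
const sample = {
  name: 'Mallory <b>',
  website: 'javascript:alert(1)',
  comment: '<script>alert("xss")</script>',
};
console.log(renderCommentUnsafe(sample.name, sample.website, sample.comment));
console.log(renderCommentSafe(sample.name, sample.website, sample.comment));
```

In the hardened output the markup characters arrive as inert text and the link falls back to `#`, so the browser displays the comment instead of running it.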