XSS Attack Methods
Author: | Craig A. Schiller, Scott Paladino, Michael Gregg, Robert 'RSnake' Hansen, Anton Chuvakin, Jeremiah Grossman, Dan Dunkel, Anton Rager, Larry Chaffin, Petko 'pdp' D. Petkov, Champ Clark, Seth Fogie |
---|---|
Publication year: | 2008 |
Subject: | Ajax; Unobtrusive JavaScript; Computer science; Cross-site scripting; Rich Internet application; ComputerApplications_COMPUTERSINOTHERSYSTEMS; Cross-site request forgery; Content Security Policy; Computer security; computer.software_genre; World Wide Web; Web design; Web page; computer; computer.programming_language |
DOI: | 10.1016/b978-159749224-9.50009-7 |
Description: | Gone are the days when the reliance was on perimeter firewall security, patching, and solid configuration. The landscape has completely changed and solutions are racing to catch up, but not fast enough it seems. This chapter introduces the far-reaching potential that a small bug in a Web site can give an attacker. From stealing the history to stealing the router, JavaScript malware makes it all possible. JavaScript malware has taken on a life of its own and it seems its power increases daily. Presently, a user's history isn't safe, because of the fact that they're logged-in, their internal network is exposed, and they can't trust the Web page they're seeing on a trusted Web site. JavaScript/CSS, using the getComputedStyle API, can be used to pilfer information about a Web browser's surfing history. The JavaScript Console can be used to determine if a user is logged in at a Web site using error messages. Perimeter firewalls can be breached by using an Intranet user's Web browser as an attack platform. JavaScript can be used to determine a user's NATed IP address. |
Database: | OpenAIRE |