Cross-Site Scripting Attacker inserts malicious code into an application, when regular users request the webpage it returns the malicious page and the attacker gains control over user data via code he injects.
Countermeasure
Safely validating untrusted HTML input
Cookie security
Disabling scripts
No comments:
Post a Comment