Traditional Culture Encyclopedia - Traditional customs - What are the definitions, types and defense methods of XSS attacks?
What are the definitions, types and defense methods of XSS attacks?
XXS attack, which stands for cross-site scripting attack, is a computer security vulnerability in web applications that allows malicious web users to embed code into pages provided for other users.
What are the types of XSS attacks? The editor of Ruisuyun will introduce to you the three types of XSS attacks that are commonly seen: reflected XSS attacks, DOM-based XSS attacks and stored XSS attacks.
[if !supportLists]1. [endif] Reflected XSS attack Reflected XSS is generally an attacker who uses specific methods (such as email) to induce users to visit a URL containing malicious code. When the victim clicks on these specially designed links
When the attack occurs, the malicious code will be executed directly on the browser on the victim host. Reflected XSS usually appears in the website search bar, user login port, etc., and is often used to steal the client or conduct phishing deception.
[if !supportLists]2. [endif] Stored XSS attack Stored XSS attack is also called persistent XSS. It mainly submits and stores the XSS code on the server side (database, memory, file system, etc.) and does not need to use it when requesting the target page next time.
Submit XSS code.
When the target user accesses the page to obtain data, the XSS code will be loaded from the server after being parsed and returned to the browser for normal HTML and JS parsing and execution, and an XSS attack will occur.
Stored XSS generally appears in website messages, comments, blog logs and other interactive places, and malicious scripts are stored in the client or server database.
[if !supportLists] 3. [endif] DOM-based XSS attack DOM-based XSS attack It is a DOM-based XSS attack that modifies the DOM structure of the page through malicious scripts. It is an attack that occurs purely on the client side.
In DOM-type XSS attacks, the removal and execution of malicious code is completed by the browser, which is a security vulnerability of the front-end JavaScript itself.
How to defend against XSS attacks? [if !supportLists] 1. [endif] Encode specific characters of the input content, such as symbols representing html tags <>.
[if !supportLists]2. [endif] Set httpOnly for important cookies to prevent the client from passing the document.
Cookie reads the cookie, which is set by the server at the beginning of this HTTP.
[if !supportLists]3. [endif] Before outputting untrustworthy URT parameters, perform URLEncode operation. For obtaining values ??from URL parameters, format check must be performed [if !supportLists]4. [endif] Do not use Eval to
Parse and run undefined data or code, for JSON parsing please use JSON.
Parse() method [if !supportLists] 5. [endif] The back-end interface should also handle key character filtering.
- Previous article:Comments on Fu Lei's Letters
- Next article:How to catch big plank carp in fall
- Related articles
- Regarding traditional martial arts, it is said that "medicine and martial arts are one and the same". Only ask a master of Chinese medicine!
- Lu village, a thousand-year-old ancient village
- What are the sources of traditional famous dishes in China?
- What does DNF mean by this device?
- What is the practice of Nanjing salted duck?
- Research status and main problems
- How many festivals are there in a year at home and abroad?
- Do you pay attention to the color of Xian's bowl?
- What about Linfen Jinchangxu Electronic Commerce Co., Ltd.?
- Isn't there a Cantonese song with the lyrics "When the rain falls heavily, the streets are flooded"? If so, please tell me the name of the song.