  • Tony Hilary thinks this is interesting:

This type of attack is the most common attack today. It typically involves an attack based on a weakness or security hole in the browser (called an exploit). A hacker uses the exploit to inject a client-side script into web pages that other users are viewing. The script is executed in the browser on the client, launching embarrassing ads and infecting the client with malware. As an admin, recognizing a cross-site scripting attack and alerting the security team is essential. Preventing this type of attack is done through the web page code; the developer of the application should use good, secured coding practices to help avoid these problems.

From: Learn Windows IIS in a Month of Lunches

Note: important security features