Seven Deadliest Web Application Attacks by Mike Shema

Employing Countermeasures

XSS vulnerabilities stand out from other Web attacks by their effects on both the Web application and browser. In the most common scenarios, a Web site must be compromised to serve as the distribution point for the payload. The Web browser then falls victim to the offending code. This implies that countermeasures can be implemented for servers and browsers alike.

Only a handful of browsers pass the 1% market share threshold. Users are at the mercy of those vendors (Apple, Google, Microsoft, Mozilla, Opera) to provide in-browser defenses. Many current popular browsers (Safari 4, Chrome Beta, IE 8, Firefox 3.5) contain some measure of anti-XSS capability. Firefox's NoScript plug-in (http://noscript.net/) is of particular ...
