Why XSS is still an XXL issue in 2021
2021-06-15 05:00

Malicious scripts used in reflected XSS attacks are not stored permanently on your web application or site.

Years ago, XSS vulnerabilities were mostly present in web application "surface" inputs, such as the form fields where sites may ask visitors to enter their names, email addresses, credit card info, or ZIP code.

Though XSS vulnerabilities directly impact the visitor of a web application, they reside in the web application itself.

We've tracked a steady increase in network attacks like XSS exploits targeting web apps and other exposed resources since the start of the pandemic in our Q4 2020 Internet Security Report, and the gradual reopening of offices hasn't stopped that growth.

The best technical solution for detecting XSS attacks against your website or application is a web application firewall.

Web framework creators can and do make secure coding mistakes, and their code can introduce XSS flaws, so you must vet the ones you use regularly and always use the latest updates to resolve potential vulnerabilities.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/FfxD9dcnmAI/