ID: 40127314
Size: 827.34 KB
Pages: 24
Date: 2019-07-22
"xss protection checklist" was uploaded and shared by a member for free online reading; more related content is under Academic Papers at 天天文库.
THE ULTIMATE XSS PROTECTION CHEAT SHEET FOR DEVELOPERS V1.0
Ajin Abraham, Author of OWASP Xenotix XSS Exploit Framework
opensecurity.in

The quick guide for developers to protect their web applications from XSS. This is a compilation of information available on XSS protection from various organizations, researchers, websites, and my own experience. This document uses simple language and justifying explanations that help a developer to implement the correct XSS defense and to build a secure web application that prevents XSS vulnerabilities and post-XSS attacks. It will also discuss the existing methods or functions provided by various programming languages to mitigate XSS vulnerabilities. This document will be updated regularly in order to include updated and correct information in the domain of XSS protection.

XSS, or Cross Site Scripting, is a web application vulnerability that occurs when untrusted data from the user is processed by the web application without validation and is reflected back to the browser without encoding or escaping, resulting in code execution in the browser engine. The kinds covered here are Reflected or Non-Persistent XSS, Stored or Persistent XSS, DOM based XSS, and mXSS or Mutation XSS.

Reflected or Non-Persistent XSS is a kind of XSS vulnerability where the untrusted user input is immediately processed by the server without any validation and is reflected back in the response without encoding or escaping, resulting in code execution in the browser.

Stored or Persistent XSS is a kind of XSS vulnerability where the untrusted user input is processed and stored by the server in a file or database without any validation, and this untrusted data is later fetched from the storage and reflected back in the response without encoding or escaping, resulting in code execution in the browser every time the stored data is reflected in a response.

DOM Based XSS is a form of client-side XSS which occurs in an environment where the source of the data is in the DOM, the sink is also in the DOM, and the data flow never leaves the browser. It occurs when untrusted data given at the source is executed as a result of modifying the DOM "environment" in the browser. DOM XSS occurs when the untrusted data is not in escaped or encoded form with respect to the context in which the sink interprets it.

mXSS or Mutation XSS is a kind of XSS vulnerability that occurs when the untrusted data is processed
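The three definitions above share one root cause: untrusted data reaches an HTML-interpreting sink without encoding for that context. The following Node.js example is added here and is not part of the cheat sheet or Ajin Abraham's code; it shows a reflected, a stored, and a DOM-based case, each as a vulnerable renderer next to its fixed form. All function names, the in-memory comment store, the element stand-in object, and the sample payloads are constructed for illustration only.

```javascript
// Added example (not from the cheat sheet): reflected, stored and DOM-based XSS
// as a vulnerable renderer beside its fixed form. Function names, the in-memory
// store, the element stand-in and the payloads are constructed for this demo.

// Output encoding for the HTML element-body and quoted-attribute contexts.
// These six characters are the minimum to encode there; JavaScript-string,
// URL and CSS contexts each need their own encoder, not this one.
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;', '/': '&#x2F;',
};
function encodeForHtml(untrusted) {
  return String(untrusted).replace(/[&<>"'\/]/g, (ch) => HTML_ENTITIES[ch]);
}

// Reflected XSS: the request parameter is echoed straight into the response,
// once in an element body and once inside a quoted attribute.
function renderSearchVulnerable(query) {
  return `<h1>Results for ${query}</h1>` +
    `<input type="search" name="q" value="${query}">`;
}

// Fixed: the same page, but the untrusted value is encoded before it reaches
// either context. A quote in the input can no longer close the attribute.
function renderSearchSafe(query) {
  const q = encodeForHtml(query);
  return `<h1>Results for ${q}</h1>` +
    `<input type="search" name="q" value="${q}">`;
}

// Stored XSS: comments are persisted without validation and rendered later for
// every visitor. `store` is a plain array standing in for a database table.
function saveComment(store, author, text) {
  store.push({ author, text });
  return store.length;
}
function renderCommentsVulnerable(store) {
  return store.map((c) => `<li><b>${c.author}</b>: ${c.text}</li>`).join('');
}
// Fixed: encode at output time; the stored data can stay as the user sent it.
function renderCommentsSafe(store) {
  return store
    .map((c) => `<li><b>${encodeForHtml(c.author)}</b>: ${encodeForHtml(c.text)}</li>`)
    .join('');
}

// DOM-based XSS: source (the URL fragment) and sink (innerHTML) are both in the
// browser; the fragment is never sent to the server. `el` stands in for a DOM
// element such as document.getElementById('greeting'); in Node it is a plain
// object with the same two properties.
function greetFromHashVulnerable(hash, el) {
  el.innerHTML = 'Hello, ' + decodeURIComponent(hash.slice(1)); // HTML sink
  return el.innerHTML;
}
// Fixed: write through a text sink, which never creates elements from its value.
function greetFromHashSafe(hash, el) {
  el.textContent = 'Hello, ' + decodeURIComponent(hash.slice(1)); // text sink
  return el.textContent;
}

// Check used by the demo: did the untrusted string reach the markup verbatim?
// Only meaningful when the string contains characters special to HTML.
function reflectedVerbatim(html, untrusted) {
  return html.includes(untrusted);
}

function demo() {
  const payload = '<script>alert(1)</script>';
  console.log('reflected, vulnerable:', renderSearchVulnerable(payload));
  console.log('reflected, fixed:     ', renderSearchSafe(payload));
  const store = [];
  saveComment(store, 'mallory', '<img src=x onerror=alert(1)>');
  console.log('stored, vulnerable:   ', renderCommentsVulnerable(store));
  console.log('stored, fixed:        ', renderCommentsSafe(store));
  const hash = '#%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E';
  console.log('DOM, vulnerable:      ', greetFromHashVulnerable(hash, { innerHTML: '', textContent: '' }));
  console.log('DOM, fixed:           ', greetFromHashSafe(hash, { innerHTML: '', textContent: '' }));
}
demo();
```

Note that the fix for the DOM case is not the HTML encoder but the choice of sink: `textContent` treats the value as text whatever it contains, whereas encoding a value and then assigning it to `innerHTML` would merely display the entities. The general rule the cheat sheet is building toward is that the encoder (or the sink) must match the context the data lands in.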