xss protection checklist

《xss protection checklist 》由会员上传分享，免费在线阅读，更多相关内容在学术论文-天天文库。

1、THEULTIMATEXSSPROTECTIONCHEATSHEETFORDEVELOPERSV1.0AjinAbrahamAuthorofOWASPXenotixXSSExploitFramework

2、opensecurity.inThequickguidefordeveloperstoprotecttheirwebapplicationsfromXSS.TheisacompilationofinformationavailableonXSSProtectionfromvariousorganization,researchers,websites,andmyown

3、experience.ThisdocumentfollowsasimplelanguageandjustifyingexplanationsthathelpsadevelopertoimplementthecorrectXSSdefenseandtobuildasecurewebapplicationthatpreventsXSSvulnerabilityandPostXSSattacks.Itwillalsodiscussabouttheexistingmethodsorfunctionsprovidedbyvariousprogramminglanguagesto

4、mitigateXSSvulnerability.ThisdocumentwillbeupdatedregularlyinordertoincludeupdatedandcorrectininformationinthedomainofXSSProtection.XSSorCrossSiteScriptingisawebapplicationvulnerabilitythatoccurswhenuntrusteddatafromtheuserisprocessedbythewebapplicationwithoutvalidationandisreflectedbac

5、ktothebrowserwithoutencodingorescaping,resultingincodeexecutionatthebrowserengine.ReflectedorNon-PersistentXSSStoredorPersistentXSSDOMbasedXSSmXSSorMutationXSSReflectedorNon-PersistentXSSisakindofXSSvulnerabilitywheretheuntrusteduserinputisimmediatelyprocessedbytheserverwithoutanyva

6、lidationandisreflectedbackintheresponsewithoutencodingorescapingresultingincodeexecutionatthebrowser.StoredorPersistentXSSisakindofXSSvulnerabilitywheretheuntrusteduserinputisprocessedandstoredbytheserverinafileordatabasewithoutanyvalidationandthisuntrusteddataisfetchedfromthestorageand

7、isreflectedbackinresponsewithoutencodingorescapingresultinginpermanentcodeexecutionatthebrowserwheneverthestoreddataisreflectedintheresponse.DOMBasedXSSisaformofclientsideXSSwhichoccursinanenvironmentwherethesourceofthedataisintheDOM,thesinkisalsointheDOM,andthedataflowneverleavesthebro

8、wser.ItoccurswhenanuntrusteddataisgivenatthesourceisexecutedasaresultofmodifyingtheDOM“environment”inthebrowser.DOMXSSoccurswhentheuntrusteddataisnotinescapedorencodedformwithrespecttothecontext.mXSSorMutationXSSisakindofXSSvulnerabilitythatoccurswhentheuntrusteddataisprocessed