Illustration: How XSS attacks work

Source: Internet
Author: User

Currently, 6% of the 1,000 most-visited websites have been victims of XSS attacks.

Cross-site scripting (XSS) attacks, which this article introduces, have been with us as a Web security vulnerability since the birth of modern Web development technology.

XSS attacks account for 12.75% of the total number of Web attacks today. About 70% of all reported vulnerabilities are related to XSS attacks. Almost 90% of websites have at least one XSS vulnerability.

After DDoS (Distributed Denial of Service) attacks and SQL injection attacks, XSS can be regarded as the third largest type of Web attack.

In the past, famous websites such as Twitter, Facebook, YouTube, Yahoo, MySpace, and PayPal have all suffered such attacks.

XSS attacks have caused serious losses to Yahoo, so the company attaches great importance to this issue. Its engineers have open-sourced a series of XSS filters, and other Web developers can benefit from their work.

Recently, desktop software such as Popcorn Time has also been shown to be potentially affected by XSS attacks. This is because Popcorn Time differs from traditional desktop tools developed in C++ or C#: it is built on Node.js and relies on JavaScript for complex server-side work.

XSS attacks come in two types: reflected and stored.

In a reflected XSS attack, the attacker crafts a malicious URL. The attack occurs when the Web server processes that URL and returns its malicious content in the response to that single request. This type of XSS attack is the most common and has a short lifecycle, affecting one user at a time. Such attacks are also known as first-order XSS attacks, Type 1 XSS attacks, or non-persistent XSS attacks.

Stored XSS attacks are the more destructive of the two types, because they can hit a large number of targets at once. The attacker carefully crafts a malicious script and stores it, as a comment or a database entry, in the database of the Web server. In this way, the malicious content is displayed to website users even if they never click a specially crafted malicious link. These attacks are also called second-order XSS attacks, Type 2 XSS attacks, or persistent XSS attacks.
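The two variants described above, shown with the vulnerable rendering beside an output-encoded one. This is an added example, not part of the original article; the function names, the `shop.example` URL and the sample payload are constructed for illustration.

```javascript
// Added example: every name and value here is constructed for illustration.

// Encode the characters that let text break out of an HTML text context.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Reflected: the value arrives in the request URL and is echoed back
// in the response to that one request.
function searchPageVulnerable(requestUrl) {
  const q = new URL(requestUrl).searchParams.get('q') || '';
  return `<p>Results for: ${q}</p>`;              // raw echo
}
function searchPageHardened(requestUrl) {
  const q = new URL(requestUrl).searchParams.get('q') || '';
  return `<p>Results for: ${escapeHtml(q)}</p>`;  // encoded on output
}

// Stored: the value is saved once and rendered to every later visitor.
const commentStore = [];  // stands in for the Web server's database
function postComment(body) { commentStore.push(body); }
function commentsPageVulnerable() {
  return commentStore.map((c) => `<li>${c}</li>`).join('');
}
function commentsPageHardened() {
  return commentStore.map((c) => `<li>${escapeHtml(c)}</li>`).join('');
}

// True when the generated page would contain a live <script> element.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

const SAMPLE = '<script>alert(1)</script>';  // constructed test string
const url = 'https://shop.example/search?q=' + encodeURIComponent(SAMPLE);
postComment('Nice article');
postComment(SAMPLE);

console.log('reflected, raw echo :', containsScriptTag(searchPageVulnerable(url)));
console.log('reflected, encoded  :', containsScriptTag(searchPageHardened(url)));
console.log('stored, raw render  :', containsScriptTag(commentsPageVulnerable()));
console.log('stored, encoded     :', containsScriptTag(commentsPageHardened()));
```

`escapeHtml` covers HTML element content and quoted attribute values only; values placed inside script blocks, URLs or CSS need encoding specific to that context.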

Here, we will introduce the XSS attack in detail through the image below, which may give those who are new to the topic a starting point. The pictures below were produced by Jack Leonard of Barricade, an Irish company that provides security products for small and medium enterprises. In addition to XSS attacks, if you want to understand DDoS attacks and SQL injection attacks, you can view our previous articles.

 
