#CyberlyAware - CyberPodYoruba
Cyber attacks are rampant these days, and one of the most effective ways of curbing them is through training of individuals so they can be aware of these attacks.
In this post, we will be talking about Cross-Site Scripting (XSS).
You can watch CyberPodYoruba here.
Cross-Site Scripting (XSS)
Cross-site scripting (XSS) is a security attack, usually a form of code injection, in which a vulnerable web application delivers malicious client-side scripts to a victim’s web browser for execution. Attackers carry out cross-site scripting attacks through vulnerable web applications and websites. Targets are not attacked directly; they are attacked only when they interact with these applications or websites.
For instance, an unsuspecting user visits a website that is compromised; at this point the attacker’s malicious script is loaded and executed by the user’s browser. This can lead to session hijacking, theft of sensitive information, and more. Because JavaScript is widely supported across web browsers and platforms, it has been a popular choice for cross-site scripting (XSS) attack authors, but in practice an attack can be carried out with any language that web browsers support.
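To make the description above concrete, here is an added example (not from the original post) of how text submitted by one visitor ends up as script in the page another visitor loads, next to a version that HTML-encodes the text first. The function names and the sample comment are constructed for illustration.

```javascript
// Added example: untrusted text placed into a page with and without encoding.
// All names and the sample input below are constructed for illustration.

// Constructed sample: text a visitor typed into a comment form.
const sampleComment = 'Nice post! <script>alert("xss")</script>';

// Vulnerable: the text is concatenated straight into the HTML response, so a
// browser parses the <script> element and runs it for every later visitor.
function renderCommentUnsafe(comment) {
  return '<p class="comment">' + comment + '</p>';
}

// HTML-encode the five characters that can switch the parser out of text
// context. A single pass avoids double-encoding the "&" of earlier entities.
function escapeHtml(text) {
  const entities = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => entities[ch]);
}

// Hardened: the same text is encoded first, so the browser displays it as
// literal characters instead of interpreting it as markup.
function renderCommentSafe(comment) {
  return '<p class="comment">' + escapeHtml(comment) + '</p>';
}

// Crude comparison helper for this demo only: does the output still contain
// a script element a browser would parse? Not a substitute for encoding.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log('unsafe:', renderCommentUnsafe(sampleComment));
console.log('  script element present:', containsScriptTag(renderCommentUnsafe(sampleComment)));
console.log('safe:  ', renderCommentSafe(sampleComment));
console.log('  script element present:', containsScriptTag(renderCommentSafe(sampleComment)));
```

This encoding is only correct for text placed between HTML tags; values written into attributes, URLs or inline scripts need the encoding for that context.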
Real-world XSS Attack Example
In 2018, British Airways in the UK was a victim of a data breach affecting 380,000 booking transactions. The attackers used XSS to exploit the site’s JavaScript and send customers' data back to a server they controlled.
As we mentioned before, the best and most affordable countermeasure is adequate training of individuals about XSS attacks.
#2Articles1Week