XSS
The Open Web Application Security Project defines cross-site scripting (XSS) as a type of injection problem in which malicious scripts are injected into otherwise benign and trusted websites. Coding errors that allow this kind of attack are frequent and are often used to infiltrate a website and set up an attack platform for drive-by attacks or access a poorly protected Web server to steal information. A review of 939 application builds conducted by Burlington, Mass.-based Veracode from January 2011 to June 2012 found 78 percent containing information leakage, 71 percent having XSS errors and 67 percent with cryptographic errors.
Next Slide >
