Prevent cross-site scripting Red Hat Developer

XSS is a client-side code injection attack. In this kind of attack, websites are injected with malicious JavaScript code. XSS occurs when input parameters have not been correctly handled or validated in web applications, which allows an attacker to send malicious JavaScript code to a different end user.

The end user’s browser does not recognize the script as malicious and runs it. The attacker does not deliver a payload to users directly; instead, the attacker exploits the XSS vulnerability by injecting a malicious script into a web page, where it appears to be a genuine part of the website. When any user then visits the page, the affected website sends the malicious JavaScript code to the user’s browser without their knowledge.
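The difference between unhandled and correctly handled input can be seen in a short Go program. This is an added example, not code from the linked article; the `profile` type, the function names, and the sample values are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"html/template"
	"strings"
)

// Constructed sample input: values a visitor could submit as a display name and a profile link.
const (
	sampleName = `<script>alert(1)</script>`
	sampleLink = `javascript:alert(1)`
)

// profile is a hypothetical type holding user-supplied fields.
type profile struct {
	Name string
	Link string
}

// renderUnsafe builds HTML by string concatenation, so the input reaches the
// browser as markup instead of text. This is the pattern that allows XSS.
func renderUnsafe(p profile) string {
	return "<p>Hello, " + p.Name + "</p><a href=\"" + p.Link + "\">site</a>"
}

var page = template.Must(template.New("page").Parse(
	`<p>Hello, {{.Name}}</p><a href="{{.Link}}">site</a>`))

// renderSafe uses html/template, which escapes each value for the context it
// lands in: HTML entities in element text, and the placeholder #ZgotmplZ in
// place of a URL whose scheme is not considered safe.
func renderSafe(p profile) (string, error) {
	var b strings.Builder
	if err := page.Execute(&b, p); err != nil {
		return "", err
	}
	return b.String(), nil
}

func main() {
	p := profile{Name: sampleName, Link: sampleLink}
	fmt.Println("unsafe:", renderUnsafe(p))
	safe, err := renderSafe(p)
	if err != nil {
		panic(err)
	}
	fmt.Println("safe:  ", safe)
}
```

The same template with `text/template` instead of `html/template` would behave like `renderUnsafe`, because `text/template` performs no HTML escaping.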

 

Have you ever encountered a pop-up when visiting a web page or browsing a particular item on a site? Imagine if these pop-ups were carriers that delivered malicious payloads to your devices or captured confidential information. This is a type of cyber attack called cross-site scripting, or XSS. Cross-site scripting is one of the most common attacks in 2022, and it made the OWASP Top 10 web application security risks. Let’s take a tour of cross-site scripting and learn how an attacker executes malicious JavaScript code through input parameters, creates pop-ups to deface web applications, and can hijack an active user session.

 

Build here

  • How to prevent cross-site scripting with Go. Looking to understand the various cross-site scripting techniques used by attackers? Learn the details from developer experts including XSS prevention methods.

  • Red Hat Developer roundup: Best of June 2022. Security, code tracing, SaaS, and more: Get the Red Hat Developer highlights for the month.

  • Trace kernel code operation with SystemTap. Identify anomalous behavior in the Linux kernel or user space applications, down to the level of particular lines of code, using SystemTap.

  • Add libraries to a Node.js container with S2I. Red Hat provides S2I images for many languages, including Node.js. Learn how to install additional libraries (RPMs) to base S2I (Source-to-Image) images.

  • The road to JBoss EAP 8. Find out how Jakarta EE specifications have evolved since Red Hat JBoss Enterprise Application Platform 7, and what to look forward to in JBoss EAP 8.

  • A modern Quarkus UI with no hassles | DevNation Tech Talk

  • Bash Shell Scripting Cheat Sheet

 

Bits

  • Red Hat OpenShift Streams for Apache Kafka. Apache Kafka helps microservices communicate by serving as a distributed message platform. Try the service today and get started connecting microservices.

 

Events

  • JBCNConf | July 18, 2022. Join us in Barcelona – we are the Top Sponsor, and many Red Hatters are speaking. We look forward to seeing everyone in person again!

  • DevConf.US | August 18-20, 2022. DevConf.US 2022 is the 5th annual, free, Red Hat-sponsored technology conference for community projects and professional contributors to free and open source technologies at Boston University in the historic city of Boston, USA.

 

Source: https://developers.redhat.com/articles/2022/06/28/cross-site-scripting-explanation-and-prevention-go
