Easy way to secure ur site from xss


    XSS stands for Cross Site Scripting. In such attacks a hacker seems to inject some scripts into your site source code. Let's see some basic precautions to protect a site from XSS attacks.
    Mainly hackers have two objectives in doing XSS:
    1) Redirecting all site visits to some other site
    2) Running a malicious script on user PC and stealing his account or other private information.

    The possibility of XSS increases when you are taking an input from a user and showing it on some page of the site. A hacker tries to find such an input and enters his malicious script code. The script gets injected into your site. Such an input can be an HTML form or a GET parameter passed in the URL.

    To protect the site from such a script input, always have moderated content on the site. If your site is big and moderating is not easy, then you can have an auto moderator script which checks for invalid inputs.

    For example, to run a script a hacker must use the <script> HTML tag. To embed it in your page he will input <script>. So instead of keeping the angular bracket < , replace it by &lt; before displaying it on the page. When you use &lt; it won’t be treated as an HTML tag and the script won’t be executed.

    Also disable “.js” in input, so it will block all JavaScripts. You can also disable external links for more security.

    Advanced level: One can think of an advanced level algorithm like this.

    Store a checksum of all your files. Compare the checksums from time to time by setting a cron job. If a change is found, restore the original file.
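The replacement of < with &lt; described in post #1, as an added example that is not part of the original post: it encodes a GET parameter at output time and also covers `&`, `>` and the quote characters so the same value is inert inside a quoted attribute. The names `escapeHtml`, `renderSearchPage` and the parameter `q` are hypothetical, and the sample requests are constructed.

```javascript
// Added example: escape user input at output time, before it is placed in HTML.
// escapeHtml, renderSearchPage and the "q" parameter are hypothetical names.

const HTML_ESCAPES = {
  "&": "&amp;",  // must be encoded too, or a typed "&lt;" would be shown as "<"
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;", // needed when the value lands inside a double-quoted attribute
  "'": "&#39;",  // needed when the value lands inside a single-quoted attribute
};

// Single-pass replace: the "&" emitted by one substitution is never re-encoded.
function escapeHtml(value) {
  return String(value ?? "").replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Builds a results page from a request URL; the "q" GET parameter is untrusted.
// The same encoded value is used in an attribute and in the element body.
function renderSearchPage(requestUrl) {
  const q = new URL(requestUrl, "http://example.invalid").searchParams.get("q");
  const safe = escapeHtml(q);
  return (
    `<form><input name="q" value="${safe}"></form>\n` +
    `<p>Results for: ${safe}</p>`
  );
}

// Constructed sample requests (not taken from the original post).
const sampleRequests = [
  "/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E", // the <script> case from the post
  "/search?q=Tom+%26+%22Jerry%22",                 // ordinary text with & and quotes
  "/search?q=%26lt%3Bb%26gt%3B",                   // user literally typed "&lt;b&gt;"
];
for (const req of sampleRequests) {
  console.log(renderSearchPage(req), "\n");
}
```

This encoding is only correct for HTML body text and quoted attribute values; values written into a script block, a URL or a style rule need the encoding for that context instead.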

    #2
    also install apache mod security


      #3
      Originally posted by GumSlone
      also install apache mod security
      the problem with mod security is that many false positives are also detected...resulting in loss of visitors...
