Protect Against Cross Site Scripting (XSS) Attacks

Abstract: Cross Site Scripting (XSS) is a vulnerability in web applications that allows an attacker to inject HTML, typically including JavaScript code, into a web page. XSS results from the intermingling of server code and user input. If user input is not sanitized correctly, it could contain code that runs along with server code in a client’s browser. In 2010, XSS was ranked the #2 web application security risk by the Open Web Application Security Project (OWASP) and the #1 software error by the SANS Institute. This factsheet explains ways to mitigate XSS attacks.

Date Published:

Last Reviewed: 16 July 2015


