• Nexpose
  • Overview
  • Features
  • Architecture & Open API
  • Try NeXpose
  • Buy NeXpose
  • System Requirements
  • Vulnerabilities Tested
  • NeXpose Information
• Solutions
  • Web Application VA
  • Database VA
  • Network & OS VA
  • Compliance Scanning
• Services
  • PCI Compliance Testing
  • Penetration Testing
  • Web Application Security Audits
  • Best Practices Consulting
  • Social Engineering
  • NeXpose Training
• Support
  • NeXpose FAQ
  • System Requirements
  • Support Form
  • Vulnerabilities Tested
  • Customer Center Login
• Security Center
  • Advisories
  • Vulnerabilities Tested
  • Compliance
  • White Papers & Articles
  • SSHredder Test Suite
• Company
  • Management
  • Customers
  • Partners
  • Press Room
  • Events
  • Contact
  • Careers
• Customers

• Advisories
• Vulnerabilities Tested
• Compliance
• White Papers & Articles
  • SQL Injection
  • Cross-Site Scripting
  • Directory Traversal
  • Public Hub Traffic
  • Modem Intruders
  • Infected Laptops
  • VPN Insecurity
  • Firewall Fallacies
• SSHredder Test Suite

Of further interest:

• NeXpose White Paper

Related services:

• Web Application Security Audits

Cross Site Scripting

The incidence of web application vulnerability attacks and exploitation is steadily rising. As organizations secure their networks and operating systems, hackers are looking for alternative methods of executing malicious and criminal attacks.

Cross Site Scripting vulnerabilities are client-based attacks that rely on vulnerable CGI programs. A CGI program that does not adequately filter its dynamic output allows a malicious user to abuse naother user's trust in your web server by injecting script tags.

Implications of Cross Site Scripting?

An exploit can be made to:

• Access other sites inside another client's private intranet;
• Steal another client's cookie(s);
• Modify another client's cookie(s);
• Steal another client's submitted form data;
• Modify another client's submitted for data before it reaches the server.

Note that SSL connectivity does not protect against cross site scripting.

How NeXpose Helps

Manually testing web applications for cross site scripting vulnerabilities takes more effort than one might expect since every parameter of every script needs to be tested. NeXpose has enhanced its scanning technology with JavaScript and AJAX aware vulnerability scanning for client-side issues such as cross site scripting, simplifying the process of finding and fixing web application vulnerabilities.

Copyright © 2001 - 2008, Rapid7, LLC. All Rights Reserved.

• Home
• |
• Nexpose
• |
• Solutions
• |
• Services
• |
• Support
• |
• Security Center
• |
• Company
• |
• Contact