San Jose Area Businesses are Vulnerable to Cross-site Scripting Exploits

by | Aug 8, 2019 | Software Development

Cross-site scripting attacks, better known as XSS, have become increasingly common in the San Jose area and throughout the country. Hackers are able to take control of otherwise safe sites simply by exploiting a single vulnerability that’s often found in web applications. While researchers continue to work on new ways to fight back, these attacks are becoming a serious problem for small business owners who may not have the luxury of installing every single security update that comes their way.

How Criminals Seize Control of Remote Servers

Client-side scripting is a technology that allows browsers to change interface behavior whenever certain conditions are met. These could involve certain keystrokes, mouse movements or taps on a touchscreen. Developers have begun to rely on it for everything from providing forms to serving maps.

For this technology to be viable for site operators, most of the heavy lifting has to be done by client computers. When you load a page on a phone or tablet, the processor inside the device actually renders the page after downloading assets from a remote server. XSS attacks work by sending extra instructions along with the download requests. These look like legitimate scripting events, but they are actually malicious and eventually allow crackers to run arbitrary code.
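To make the mechanism above concrete, here is an added example (not from the original article) of a page template that echoes a request value back to the browser, shown unescaped and escaped. All function names and sample inputs are hypothetical and constructed, and the hardened variant uses HTML output encoding, a standard defense that the article itself does not describe.

```javascript
// Added example: how a request value becomes part of the page, and how
// encoding it keeps it inert. Names and inputs are hypothetical.

// Encode the five characters that let text break out of an HTML text context.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: the request value is pasted into the page as-is, so any
// markup it carries reaches the browser as if the site had written it.
function renderSearchUnsafe(query) {
  return `<p>Results for: ${query}</p>`;
}

// Hardened: the value is encoded for the HTML body before insertion.
function renderSearchSafe(query) {
  return `<p>Results for: ${escapeHtml(query)}</p>`;
}

// Defender-side check for a test suite: does the rendered page contain a
// script tag or an inline event handler attribute?
function containsActiveMarkup(html) {
  return /<script\b/i.test(html) || /<[^>]+\son\w+\s*=/i.test(html);
}

// Constructed sample request values: two ordinary, two carrying markup.
const samples = [
  'blue widgets',
  '<script>alert(1)</script>',
  '<img src=x onerror=alert(1)>',
  'Tom & "Jerry"',
];

// Render every sample with the given template and report what survives.
function audit(render) {
  return samples.map((q) => ({ query: q, active: containsActiveMarkup(render(q)) }));
}

console.log('unsafe template:', audit(renderSearchUnsafe));
console.log('safe template:  ', audit(renderSearchSafe));
```

The same audit function can run in a regression test against a site's real templates so that an unescaped output is caught before release.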

Fighting Back Against Malicious Attacks

Researchers have found that by adding padding to the tops of scripts, it becomes more difficult for crackers to insert extra code. Any malformed URLs that crackers come up with wouldn’t work in this case, because they’d simply point to a 404 page and refuse to load. This technique could put a stop to a majority of these attacks, but research in the field continues.