Cross-Site Scripting for Fun and Profit

XSS (cross-site scripting) is still one of the most common vulnerabilities in web applications and remains a useful point of attack for hackers. If you are a web developer, knowing how to properly protect your application from these attacks is a must.

Don’t leave your app open to attack – injection vulnerabilities are not nice.

Cross-site scripting vulnerabilities exist when user input from web forms or API calls is not properly escaped and sanitized before it is used. Directly reflecting user input back to the browser can be a sketchy practice. If a user enters JavaScript into a form input field and that script executes, you have a vulnerability that hackers can take advantage of.
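The reflected case described above, as an added example that is not part of the original article: a template that echoes a search term unescaped, next to the same template with output encoding, and a check that the rendered markup still has only the structure the template intended. The function names, the search-page template and the sample inputs are all assumptions made for illustration.

```javascript
// Added example; function names and sample inputs are constructed for illustration.

// Characters that can break out of HTML text or a quoted attribute value.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };

// Encode untrusted text for HTML element content or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: the search term is concatenated straight into the markup,
// so the browser parses any tags or quotes it contains.
function renderSearchUnsafe(term) {
  return `<p>Results for: ${term}</p><input name="q" value="${term}">`;
}

// Hardened: same template, every untrusted value is encoded on output.
function renderSearchSafe(term) {
  const safe = escapeHtml(term);
  return `<p>Results for: ${safe}</p><input name="q" value="${safe}">`;
}

// True when the output still has exactly the template's structure:
// one <p> with text only, one <input> with only the name and value attributes.
function templateIntact(html) {
  return /^<p>Results for: [^<>]*<\/p><input name="q" value="[^"<>]*">$/.test(html);
}

// Constructed inputs: a script element, an attribute breakout, and benign text.
const samples = ["<script>alert(1)</script>", '" onfocus="alert(1)', "Tom & Jerry"];

// Compare both renderers on each sample.
function compare(inputs) {
  return inputs.map((input) => ({
    input,
    unsafeIntact: templateIntact(renderSearchUnsafe(input)),
    safeIntact: templateIntact(renderSearchSafe(input)),
  }));
}

console.table(compare(samples));
```

This encoding covers HTML element content and quoted attribute values only; input placed inside a `<script>` block, an event handler, or a URL needs encoding specific to that context.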