Quality Testing

Quality is delighting customers

Examples will really help.

Parallel loop also can be found on http://www.mylot.com/w/discussions/2224851.aspx#1_12909136



Replies to This Discussion

Cross Site Scripting

Cross site scripting (also known as XSS) occurs when a web application gathers malicious the user will most likely click on this link from another website, instant message. Some security people refer to Cross Site Scripting as XSS.

Use of Textbox, URL, email
1)2)3)

Please check the attached PDF for details.


--Sandip Wagh
Thanks Sandip.

Hi Abhijeet,

Pls. check one more attachment for Cross Site Testing using URL and Textbox etc.



--sandip Wagh
Cross Site Scripting (XSS) is a code injection vulnerability found in web applications and is generally used by malicious hackers to hijack a legitimate user's session with the website. XSS vulnerabilities are caused by improper validation of user input by the server, which then sends this invalidated input back to the user in some exploitable form. Go through the following page for more information:
http://www.osix.net/modules/article/?id=603

Cross Site Scripting is also known as XSS. It is the most popular and vulnerable attack for web & mobile applications. While performing web or mobile app security testing, we need to make sure that our application is not vulnerable to XSS attacks.

A cross-site scripting attack is an injection of malicious code that runs in the victim's browser. The malicious script can be stored in the web server and executed each time the user invokes the request for functionality. It can also be done using the other methods, without having a script stored on the web server.

The purpose of this XSS attack is to steal the identity data of the other user using the cookies, session tokens and other sensitive information. This is the reason the XSS attack is considered one of the riskiest. In most cases, the attack's purpose is to steal the other person's cookies.

On the client side, an XSS attack is executed. It can be executed with several programming languages on the client side. Most of the time, however, this attack is done with JavaScript and HTML.

There are basically three types of XSS attacks:

1. Stored XSS attack

2. Reflected XSS

3. DOM-Based XSS attack

Stored and reflected XSS are the most popular, and they affect most applications.

Stored attacks are those in which the injected script is permanently stored on the destination servers, for example in a website database, a community forum, input fields, etc. Stored XSS is also known as persistent XSS or Type I XSS. The targeted victim receives the server's malicious code infected script when it requests stored memory.

Reflected XSS is sometimes referred to as non-persistent XSS or Type II. These attacks are carried out when a web server reflects the script that was injected with malicious code, for example in an error message, the search result or any other response that sends input to the server as part of the request. Reflected attacks are transmitted to victims in many ways, like a link in an email message.

If a user is tempted to click on a malicious link, send a specially crafted form or simply navigate to a malicious website, the inserted code will be redirected to the vulnerable website, which will reflect the user's browser attack. The browser executes the code because it comes from a "trusted" server.
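The reflected and stored cases described in the post above, as an added example that is not part of the original discussion: each page is rendered once with the input copied in as-is and once with it HTML-encoded at output time. The function names, the in-memory `CommentStore` and the probe string are constructed for illustration.

```javascript
// Constructed probe string, used only to compare the two renderings.
const PROBE = '<script>alert(1)</script>';

// Encode the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Reflected case, vulnerable: the request parameter is echoed into the response unchanged.
function renderSearchUnsafe(query) {
  return `<p>No results for ${query}</p>`;
}

// Reflected case, hardened: same page, parameter encoded when it is written out.
function renderSearchSafe(query) {
  return `<p>No results for ${escapeHtml(query)}</p>`;
}

// Stored case: a hypothetical in-memory store standing in for the site database.
// Input is kept raw and must be encoded every time it is rendered.
class CommentStore {
  constructor() { this.rows = []; }
  add(author, body) { this.rows.push({ author, body }); }
  renderUnsafe() {
    return this.rows.map((r) => `<li><b>${r.author}</b>: ${r.body}</li>`).join('');
  }
  renderSafe() {
    return this.rows
      .map((r) => `<li><b>${escapeHtml(r.author)}</b>: ${escapeHtml(r.body)}</li>`)
      .join('');
  }
}

// Render the same probe through all four paths so the outputs can be compared.
function demo() {
  const store = new CommentStore();
  store.add('tester', PROBE);
  return {
    reflectedUnsafe: renderSearchUnsafe(PROBE),
    reflectedSafe: renderSearchSafe(PROBE),
    storedUnsafe: store.renderUnsafe(),
    storedSafe: store.renderSafe(),
  };
}

console.log(demo());
```

This encoding is correct for HTML body text and quoted attribute values only; values written into script blocks, URLs or unquoted attributes need encoding specific to that context.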

© 2019   Created by Quality Testing.   Powered by