Josh Zelonis, Senior Analyst at Forrester Research, recently told ZDNet cross-site scripting attacks constituted over 21% of vulnerabilities identified by bug bounty programs. This revelation makes cross-site scripting attacks one of the most prominent enterprise digital vulnerabilities.
Yet few conversations about the digital threats businesses face online feature cross-site scripting attacks. So what are they? Why are they such dangerous threats? And what can your enterprise do to prevent them?
Here’s what we found:
What are Cross-Site Scripting Attacks?
An analog virus injects its DNA or RNA into a healthy cell in order to replicate and spread its malicious code throughout the organism.
Cross-site scripting—sometimes abbreviated as XSS— works in a manner similar to its biological namesake. In such an attack, a hacker injects their malicious code into an otherwise healthy webpage; often, hackers target content sharing websites such as blogs, message boards, and video sharing platforms.
Through these exploits, threat actors can accomplish any number of illicit or damaging activities, including:
- Distributing tracking and session cookies on user accounts.
- Stealing user credentials, both regular and privileged.
- Collecting other sensitive user data.
- Dwelling on a site indefinitely, allowing them to attack multiple users.
- Activating trojan horse viruses.
- Modifying page content.
However, cross-site scripting attacks don’t directly target the actual website or application they infect; instead, they use the webpage as an attack vector. In other words, cross-site scripting serves as a stepping stone to infecting the users of the webpage or application in question. This distinguishes cross-site scripting from SQL injections.
What are the Two Kinds of Cross-Site Scripting Attacks?
Experts distinguish two kinds of cross-site scripting attacks: Stored and Reflected.
Reflected Attacks serve as quick attacks; they take advantage of unsanitized server-side scripts. The hacker deceives a user into clicking on a link to the infected website. Once they do, the script reflects off the infected site and lands on the users’ endpoint.
Stored Attacks serve as the more serious version of the cross-site scripting attacks. As per the name, hackers program the victim webpage or app to store their malicious code on infected computers. The website must store the hacker’s code in public view such as on an online forum, which allows the code to infect users simply viewing the page; no click is required.
Is Your Site Vulnerable to a Cross-Site Scripting Attack?
Quite possibly. Positive Technologies found 74% of all web applications vulnerable to this kind of attack. Even if you feel your web application or web page could repel this kind of attack, you can’t have the same level of assurance about the third-party sites your employees access as part of their job duties.
What Can Prevent or Detect a Cross-Site Scripting Attack
A next-generation SIEM solution can help your developers, programmers, and IT security team classify the HTML tags on codes, validating legitimate codes and blocking illegitimate ones. SIEM provides whitelisting and user behavior analysis, which can help identify suspicious activity. Moreover, your IT security team can always update your SIEM’s inputs so it keeps up with evolving threat tactics.
Additionally, SIEM’s threat intelligence can help you identify potential vulnerabilities in your web page and web application codes, preventing the malicious code injection in the first place.
Cross-Site Scripting poses a significant problem to your entire network and to your clients and customers. Thus, you must take the steps necessary to prevent it from exploiting your sites and applications.
Latest posts by Ben Canner (see all)
- Forecast: The Gartner 2019 SIEM Magic Quadrant - May 17, 2019
- LogRhythm Releases LogRhythm Cloud—a Cloud-Based SIEM Solution - May 16, 2019
- The 20 Best Cybersecurity Books for Enterprises in 2019 - May 14, 2019