How to avoid and prevent your site from getting XSSed?
What is XSS?
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side script into web pages viewed by other users.
Types of XSS -
- Stored XSS
- Reflected XSS &
- DOM-based XSS
Now let's come to the point: how to avoid and prevent XSS.
To avoid XSS you have to use the well-known PHP function " htmlspecialchars() " on anything you output into a page.
This function converts the predefined characters "<" (less than) and ">" (greater than) to HTML entities, so the browser renders them as text instead of treating them as tags.
Example of XSS vulnerable code:
Echoing/printing variables directly can lead to a security hole! See below: it is bad code and vulnerable to XSS -
Example of safe code:
The image below is an example of safe, good code. It is not vulnerable because this time we haven't echoed/printed the variable directly -
Sometimes, in some way, it can still be bypassed, so we need functions like str_replace() and strpos()
to avoid bypassing. Below is an example of how to get the best-protected code -

You can find that example of code over here - CODE
Second Example -
(in this example I'm gonna use this function - str_replace)

You can find this code example over here - CODE
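The two code screenshots above are not reproduced on this page, so here is an added example (my code, not the post author's) showing the vulnerable pattern the post warns about next to the htmlspecialchars() fix, plus the attribute-context case and a strpos() self-check like the one the second example relies on. The helper names e(), render_unsafe(), render_safe() and render_attr_safe() are my own, and $input is a constructed test string. One caveat worth knowing: for HTML text and quoted-attribute contexts, htmlspecialchars() with ENT_QUOTES and an explicit charset is the complete fix; the str_replace()/strpos() checks the post adds are extra filtering, not a replacement for encoding.

```php
<?php
// Added example: the vulnerable "echo the variable" pattern versus output encoding.
// Not code from the original post; names and the test input are constructed here.
declare(strict_types=1);

// Escape a value for HTML text or a double-quoted attribute.
// ENT_QUOTES also converts ' and " so the value stays inert inside quoted attributes;
// ENT_SUBSTITUTE keeps invalid UTF-8 from producing an empty string; the charset is explicit.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// BAD: user input is concatenated straight into the page (the vulnerable pattern).
function render_unsafe(string $name): string
{
    return "<p>Hello " . $name . "</p>";
}

// GOOD: the same markup, but the input is encoded before output.
function render_safe(string $name): string
{
    return "<p>Hello " . e($name) . "</p>";
}

// GOOD: attribute context. The attribute must be quoted AND the value encoded;
// encoding alone is not enough for an unquoted attribute.
function render_attr_safe(string $name): string
{
    return '<input type="text" name="q" value="' . e($name) . '">';
}

// Constructed test input: a tag plus an attempt to break out of an attribute.
$input = '<script>alert(1)</script>" onmouseover="x';

echo "Unsafe: " . render_unsafe($input) . PHP_EOL;
echo "Safe:   " . render_safe($input) . PHP_EOL;
echo "Attr:   " . render_attr_safe($input) . PHP_EOL;

// Self-check in the spirit of the post's strpos() example: after encoding,
// no raw '<' or '"' from the input may survive. Note the === comparison;
// strpos() returns 0 (falsy) when the match is at position 0, so == would be wrong.
$encoded = e($input);
if (strpos($encoded, '<') === false && strpos($encoded, '"') === false) {
    echo "Check passed: encoded output contains no raw < or \"" . PHP_EOL;
} else {
    echo "Check FAILED: raw markup characters survived encoding" . PHP_EOL;
}
```

Run it with `php example.php`; the "Safe" and "Attr" lines print the input as `&lt;script&gt;...&quot;` entities, which the browser displays as literal text, while the "Unsafe" line shows the raw markup that would execute in a real page.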
Hope you got help by reading :) regards -
./mikail aka mkay!