XSS, or cross-site scripting, is a type of problem caused by injecting malicious scripts into websites that would normally be safe and trusted. It is usually carried out by an attacker who uses an application to send malicious code to the intended website. The code is most commonly sent in the form of client-side scripts from the attacker to the targeted user. There are several means by which a computer user can protect themselves from such XSS attacks. One is turning off HTTP TRACE, a method that is supported on all web servers. This prevents the user's cookie information from being collected and sent to the attacker's server. One can also include escaping and validation techniques, which prevent the tampering of parameters as well as XSS injection attacks.
SQL injection attacks pose threats that can cause considerable damage or even complete system damage. An SQL injection attack refers to the technique by which the attacker includes malicious code in strings that are then passed to the database for execution. To protect against these attacks, one can use an application that filters out all characters that have a special meaning in SQL. Alternatively, one can make sure never to concatenate user input with the SQL statements that are sent to the database (Clarke, 2009).
XML injection attacks are acts in which an attacker attempts to inject a variety of XML tags into a SOAP message, usually in order to change the structure of the XML. To protect a computer user from an XML injection attack, one can have the WSDL contain a valid description of the elements that are used, the data types, and the attributes.
These techniques are not heavily relied on as they tend to be more complex and not easily understood by the common user.
REFERENCES
Clarke, J. (2009). SQL injection attacks and defense, Waltham, US: Syngress Pub.