Cross-Site Scripting (XSS) is a type of computer security vulnerability normally found in web applications. It normally occurs when data enters a web application or page through an untrusted source, most often a web request made when the client visits a site, and that data carries untrusted script. It affects most applications, including many of the security-critical applications available on the internet. XSS mostly takes two forms, which affect files to different degrees, in that some scripts are more malicious than others. This depends on the side they affect, such as the client side or the server side. It is believed that some account for more than 75% of the vulnerabilities users experience while using web applications. The malicious content sent to the web browser frequently takes the form of a segment of JavaScript, but may also include Flash, HTML or any other type of code that the browser may execute. These techniques can be used to bypass access controls such as the web browser's same-origin policy. The two types are:
- Reflected XSS attacks: these are normally reflected off the web server. They mostly appear in the form of an error message returned to the user's web browser, and they affect most applications in use; the application displays the error message to the user, which may consequently affect the performance of the application. This is the most common type of script vulnerability encountered in web browsers. It is believed that the server reads the data directly from the HTTP request and reflects it back in the HTTP response. The attack normally occurs when the vulnerable web application is invoked with dangerous input. The reflected attack is generally delivered through email or a neutral web site. The lure is normally an innocent-looking URL that points to a trusted site but contains the XSS vector. If the trusted site is vulnerable to the vector, clicking the link can cause the victim's browser to execute the injected script.
- Persistent (stored) XSS attacks: this type affects the web application in a different way from the non-persistent one. It is believed to be more dangerous than reflected XSS since it can affect applications permanently, and it may affect the performance of the application if proper care is not taken. In most cases, it is believed to occur when the data provided is saved at some point by the server and later displayed permanently on the normal pages shown to users. Persistent XSS can be more significant than other types because the attacker's malicious script is delivered automatically, without the need to individually target victims. Especially on social media sites, the code could be further designed to self-propagate across accounts, producing a type of client-side worm.
The main difference between the two types of XSS is that stored XSS can be kept in a web application. This makes it easy to trace when sent to victims, and this makes it more dangerous than the other type, reflected XSS; it can be stored in places such as blog posts, forum posts and social media sites.
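The two cases described above, shown with the vulnerable rendering beside a hardened one, as an added example that is not part of the original paper. The function names, the `CommentBoard` class and the sample input are constructed for illustration; the fix shown (HTML-encoding on output with Python's `html.escape`) is one common mitigation, not one the paper itself names.

```python
import html

# Constructed test input: a harmless marker script, used only to show whether
# markup survives into the page.
SAMPLE = "<script>alert(1)</script>"

def error_page_unsafe(search_term: str) -> str:
    """Reflected case, vulnerable: request data is copied into the response."""
    return f"<p>No results for {search_term}</p>"

def error_page_safe(search_term: str) -> str:
    """Reflected case, hardened: HTML-encode the value at output time."""
    return f"<p>No results for {html.escape(search_term, quote=True)}</p>"

class CommentBoard:
    """Stored case: input is saved by the server and shown to later visitors."""

    def __init__(self) -> None:
        self._comments: list[str] = []

    def post(self, text: str) -> None:
        self._comments.append(text)  # stored raw; encoding happens on output

    def render_unsafe(self) -> str:
        return "".join(f"<li>{c}</li>" for c in self._comments)

    def render_safe(self) -> str:
        return "".join(f"<li>{html.escape(c, quote=True)}</li>" for c in self._comments)

def contains_live_script(page: str) -> bool:
    """Crude check for this demo: did a raw <script> tag reach the page?"""
    return "<script" in page.lower()

if __name__ == "__main__":
    board = CommentBoard()
    board.post("nice article")
    board.post(SAMPLE)
    for name, page in [
        ("reflected/unsafe", error_page_unsafe(SAMPLE)),
        ("reflected/safe", error_page_safe(SAMPLE)),
        ("stored/unsafe", board.render_unsafe()),
        ("stored/safe", board.render_safe()),
    ]:
        print(f"{name:17} live script: {contains_live_script(page)}")
```

In the stored case the unsafe page stays unsafe for every later visitor until the saved value is removed or the output is encoded, which is the permanence the text refers to.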
Lab2 Answers Case Study Example
Type of paper: Case Study
Topic: Internet, Web Browser, Hazard, Reflection, Information, Vulnerable Population, Attack, Violence
Pages: 2
Words: 600
Published: 02/11/2020