Today developments in website creation and utilization technology are increasingly sophisticated with many new ideas being developed. But following that the term cyber crime or crime in the cyber world (internet) is also increasingly widespread.
One of them is the existence of XSS or Cross Site Scripting. Before explaining their understanding, readers must wonder why using "X" for Cross instead of "C". This is because the use of CSS already exists for Cascade Style Sheets which is also part of the world of web programming.
In order to avoid the danger of XSS for web developers or as an additional reference, we write this article as additional reading material. Immediately, a complete review of the understanding of XSS and how it works and how to prevent it you can see below:
As the name implies XSS or which stands for Cross Site Scripting is one forms of interference in the form of Code Injection Attack or code injection attacks.
This is because the main purpose of using XSS is to retrieve important data, retrieve cookies from the user or send a program that can damage the user but as if – the cause is from the web itself .
Therefore, even though this seemingly trivial XSS is deeply complained of by web or application developers who will publish the results of their project. When their security is successfully broken and XSS has been compromised it will be very difficult to overcome and even more troublesome when it has been widely accessed by many users. The user as the most affected layman must assume that the developer intentionally created the malicious code, even though it was the work of outsiders with his XSS.
How it Works XSS
After understand what is meant by XSS then next is to understand how XSS works. The purpose of the author to give this review is not to provide knowledge on how to tuck in precisely to anticipate when in the world of work or as a developer you encounter the same thing.
In this case the authors assume that the attacker who uses XSS is a hacker because it is the ability to break into security web or application.
General description of how XSS works is actually quite simple, therefore many developers also underestimate it. However, when it has been published and it is missed, the impact is very big, not only users, even to server . The hacker or attacker first tries to find a security hole in a website.
The example above is the simple part, the most dangerous is when the attacker takes the container for XSS in the input file section like the registration form. In PHP scripts usually use the line code $ _GET to send data that has been filled by the user to the web server database. However, when XSS is infiltrated, the data sent can be redirected to his server first and then entered the server that should be. This can be done by changing the script on the submit button or in the code $ _GET, then sending data to the attacker's server and then recorded in the database.
The goal could be to increase traffic or backlinks to the web that is owned by utilizing a web that has been broken into. . If important data is entered, of course the impact will be even greater.
How to Prevent XSS
A few years ago there was news that a website owned by one of the leading banks in Indonesia XSS has been infiltrated so that a lot of customer data is taken. In carrying out the action the hackers or attackers do not ever discriminate in terms of choosing which web to be targeted. And because the bigger the website being targeted, the possibility of detecting XSS will be increasingly difficult.
There are various forms of XSS according to the impact and the way the work is done so as to prevent it is quite diverse as well. Starting from the use of "global_xss_filtering" in the old CI framework but no longer exists. Maybe the Codeigniter developers already know that the XSS problem is output not on the input.
One other way to prevent XSS attacks is also already in the PHP function, using htmlspecialchars (), but escaping is also not enough. Can also be done by blocking all inputs in the form of script tags or image sources. Also do security for your Cpanel because this is the main key to the entry of XSS.
It could also use a web security application, one of which the authors recommend is the Acunetix application. The use of Acunetix is likened to White Hacker which is able to protect web security quite significantly.
It takes quite a long time to do a scan of website security if using Acunetix but the results provided are also quite large. Not only XSS, Acunetix can detect the presence of SQL Injection PHP Injection, Cross Frame Sripting (XFS), URL Redirection, checking files on the server and many more.
That is the understanding of XSS and how it works and how to prevent this XSS attack from breaking into your web or application security. Hopefully useful and easy to understand!