Cross Site Scripting (Glossary)

  • CEH (Certified Ethical Hacker) - A Certified Ethical Hacker is a skilled professional who understands and knows how to look for weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner to assess the security posture of a target system(s). The CEH credential certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective.

  • Cookies - A cookie is a small amount of data generated by a website and saved by your web browser. Its purpose is to remember information about you, similar to a preference file created by a software application.

  • Cross Site Scripting (XSS) - Cross Site Scripting (XSS) attacks are a type of injection problem, in which malicious scripts are injected into otherwise benign and trusted web sites. Cross site scripting flaws are the most prevalent flaw in web applications today. Cross site scripting attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user in the output it generates without validating or encoding it.

  • Stored XSS - Stored attacks are those where the injected script is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc. The victim then retrieves the malicious script from the server when it requests the stored information. Stored XSS is also sometimes referred to as Persistent or Type-I XSS.

  • Reflected XSS - Reflected attacks are those where the injected script is reflected off the web server, such as in an error message, search result, or any other response that includes some or all of the input sent to the server as part of the request. Reflected attacks are delivered to victims via another route, such as in an e-mail message, or on some other website. When a user is tricked into clicking on a malicious link, submitting a specially crafted form, or even just browsing to a malicious site, the injected code travels to the vulnerable web site, which reflects the attack back to the user’s browser. The browser then executes the code because it came from a “trusted” server. Reflected XSS is also sometimes referred to as Non-Persistent or Type-II XSS.

  • DOM Based XSS - DOM Based XSS (or as it is called in some texts, “type-0 XSS”) is an XSS attack wherein the attack payload is executed as a result of modifying the DOM “environment” in the victim’s browser used by the original client side script, so that the client side code runs in an “unexpected” manner. That is, the page itself (the HTTP response that is) does not change, but the client side code contained in the page executes differently due to the malicious modifications that have occurred in the DOM environment.
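The Cross Site Scripting, Stored XSS and Reflected XSS entries above all come down to the same defect: user input copied into HTML output without encoding. The following Python is an added illustration, not part of this glossary, showing a reflected-style page builder in its flawed and hardened forms and a stored-style comment list that is encoded at render time. The function names, the in-memory comment list and the sample query are constructed for this example.

```python
import html

# Constructed sample input: a search query containing markup, as a user
# could submit it in a request. Not taken from any real traffic.
SAMPLE_QUERY = '<script>alert(1)</script>'


def render_search_page_unsafe(query: str) -> str:
    """The flaw the glossary describes: the input is pasted into the HTML
    response as-is, so the browser parses any markup it contains.
    Delivered via the request this is reflected XSS; read back from a
    database it is stored XSS. Kept here only as the 'before' form."""
    return f"<h1>Results for: {query}</h1>"


def render_search_page(query: str) -> str:
    """Hardened form: the same page with the input HTML-encoded, so the
    browser displays the characters instead of interpreting them.
    html.escape(quote=True) covers the HTML-text and quoted-attribute
    contexts; JavaScript, URL and CSS contexts need their own encoders."""
    return f"<h1>Results for: {html.escape(query, quote=True)}</h1>"


# Stand-in for the database / message-forum table of the Stored XSS entry.
_COMMENTS = []


def store_comment(text: str) -> None:
    """Store the raw text. Encoding happens on output, where the context
    (HTML body here) is known; encoding on input would corrupt the data
    for any other consumer (JSON API, e-mail, logs)."""
    _COMMENTS.append(text)


def render_comments() -> str:
    """Render every stored comment encoded for the HTML-text context."""
    items = "".join(f"<li>{html.escape(c, quote=True)}</li>" for c in _COMMENTS)
    return f"<ul>{items}</ul>"


def contains_raw_markup(page: str, user_input: str) -> bool:
    """Simple output check: does the rendered page still contain the user
    input verbatim, i.e. in a form the browser would parse as markup?"""
    return user_input in page


if __name__ == "__main__":
    print(render_search_page_unsafe(SAMPLE_QUERY))   # markup survives
    print(render_search_page(SAMPLE_QUERY))          # markup is inert text
    store_comment(SAMPLE_QUERY)
    print(render_comments())
```

Server-side encoding does not address the DOM Based XSS entry: there the HTTP response is unchanged, and the fix lies in the client-side script, which must not write untrusted data into HTML-interpreting sinks such as innerHTML.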

  • HTML - Stands for “Hypertext Markup Language.” HTML is the language used to create webpages. “Hypertext” refers to the hyperlinks that an HTML page may contain. “Markup language” refers to the way tags are used to define the page layout and elements within the page.

  • Javascript - JavaScript is a programming language commonly used in web development. JavaScript is a client-side scripting language, which means the source code is processed by the client’s web browser rather than on the web server.

  • Network - A network consists of multiple devices that communicate with one another. It can be as small as two computers or as large as billions of devices. While a traditional network is comprised of desktop computers, modern networks may include laptops, tablets, smartphones, televisions, gaming consoles, smart appliances, and other electronics.

  • Operating System (OS) - An operating system, or “OS,” is software that communicates with the hardware and allows other programs to run. It consists of system software, the fundamental files your computer needs to boot up and function. Every desktop computer, tablet, and smartphone includes an operating system that provides basic functionality for the device. Common desktop operating systems include Windows, OS X, and Linux.

  • OWASP - The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Their mission is to make software security visible, so that individuals and organizations are able to make informed decisions.

  • Pentesting - Penetration testing is a formal procedure aimed at discovering security vulnerabilities, flaws, risks, and unreliable environments. In other words, penetration testing can be seen as a successful but not damaging attempt to penetrate a specific information system, mimicking the activities cyber criminals would engage in with the intention of compromising that system.

  • Script - A computer script is a list of commands that are executed by a certain program or scripting engine. Scripts may be used to automate processes on a local computer or to generate Web pages on the Web.

  • Session - In the computing world, a session refers to a limited time of communication between two systems. Some sessions involve a client and a server, while other sessions involve two personal computers.

  • Tokens - 1. In networking, a token is a series of bits that circulate on a token-ring network. When one of the systems on the network has the “token,” it can send information to the other computers. Since there is only one token for each token-ring network, only one computer can send data at a time. 2. In programming, a token is a single element of a programming language. There are five categories of tokens: 1) constants, 2) identifiers, 3) operators, 4) separators, and 5) reserved words. 3. In security systems, a hard token is a small card that displays an identification code used to log into a network. When the card user enters the correct password, the card will display the current ID needed to log into the network. This adds an extra level of protection to the network because the IDs change every few minutes. Security tokens also come in software versions, called soft tokens.

  • Web browser - A web browser, or simply “browser,” is an application used to access and view websites. Common web browsers include Microsoft Internet Explorer, Google Chrome, Mozilla Firefox, and Apple Safari. The primary function of a web browser is to render HTML, the code used to design or “mark up” webpages.
