The internet is a wonderful thing! One of the greatest things about it is that it has allowed many of us to own our own businesses and websites, which allows us to work from the comfort of our own home. But, as many of you know, the greatness also comes with risk. When you have your own website, you have to be aware of website vulnerabilities.
A recent study by WhiteHat (http://www.whitehatsec.com) security in Santa Clara, California, has shown that there is a real problem with website vulnerabilities. The study showed the top ten website vulnerabilities and also showed that one out of every three website has vulnerability issues that put their companies at risk. According to the study, the most common vulnerability continues to be Cross Site Scripting (also known as XSS).
Cross site scripting is a type of computer security vulnerability which occurs when a web application gathers malicious data from a user. The data is often gathered in the form of a hyperlink that contains malicious content within it. One way that an attack can happen is when code is hidden in a “click here” hyperlink attached to a URL that points to a non-existent web page. When the page is not found, the script is returned with the bogus URL, and the user’s browser executes it. An exploited cross site scripting vulnerability can be used by attackers to bypass access controls. Their impact on companies may range from a petty nuisance to a significant security risk depending on the sensitivity of the data handled by the vulnerable site.
So what can you do to protect yourself? As a business owner, remember that XSS holes can be very costly to your business if abused. Filtering is a good way to solve XXS attacks and also using a vulnerability scanner to scan your website for any cross site scripting errors. As a user, the easiest way to protect yourself is to only follow links from the main website you wish to view. If you are visiting a website and it links to EBAY, for example, instead of clicking on the link, visit EBAY’s main site. Sometimes XSS can even be executed when you open an email or email attachment. Be aware of website vulnerabilities.