XSS in Security Testing
Cross-site scripting attack (XSS)
XSS is an attack in which malicious JavaScript code is injected into other web sites. When the malicious code is executed in the victim's browser, sensitive data (e.g. cookies) could be stolen.
Types of XSS attacks
XSS attacks can be categorized into 3 types.
- Persistent – In this type of attack, malicious code is stored in the database, so whenever the page gets the data from the database, the malicious code is executed in the victim's browser.
- Non-persistent – In this type of XSS attack, malicious code is not stored in the database.
- DOM scripting
XSS test sites
You can see how XSS attacks are carried out on the test sites below.
How to prevent XSS attacks
XSS attacks can be prevented by taking the precautions below. Always sanitise the data entered by the user in forms. Do not allow special characters in the HTML forms.
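The two precautions above, shown as an added example that is not part of the original page: an allowlist check that rejects special characters in form fields, and HTML encoding of the value before it is written into a page. The field names, rules and function names are assumptions made for illustration, and the sample input is constructed.

```javascript
// Added example: form input validation plus output encoding.
// All names below are hypothetical and chosen for this illustration.

// Characters that have meaning in HTML, mapped to inert entities.
const HTML_ENTITIES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

// Output encoding: make user data inert before placing it in markup.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Input validation: one allowlist pattern per form field, so special
// characters such as < > " ' & are rejected rather than stored.
const FIELD_RULES = {
  username: /^[A-Za-z0-9_]{3,20}$/,
  city: /^[A-Za-z .-]{1,40}$/,
};

// Returns the names of the fields that fail their allowlist rule.
function validateForm(fields) {
  const errors = [];
  for (const [name, rule] of Object.entries(FIELD_RULES)) {
    const value = fields[name];
    if (typeof value !== "string" || !rule.test(value)) errors.push(name);
  }
  return errors;
}

// Before: the stored value is concatenated into the page as-is, so any
// markup it contains is interpreted by the victim's browser.
function renderGreetingUnsafe(username) {
  return "<p>Hello, " + username + "</p>";
}

// After: same markup, but the value is encoded first and shows as text.
function renderGreetingSafe(username) {
  return "<p>Hello, " + escapeHtml(username) + "</p>";
}

// Constructed sample form submission.
const SAMPLE = { username: "<script>alert(1)</script>", city: "Pune" };
console.log(validateForm(SAMPLE));
console.log(renderGreetingSafe(SAMPLE.username));
```

Validation stops bad input at the form, while encoding at render time also covers data that reached the database by another route, which is the persistent case described above.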