
The Top 10 Web Application security vulnerabilities starting with XSS

Posted by caroljmcdonald on September 29, 2009 at 9:09 PM PDT

This and the next series of blog entries will highlight the Top 10 most critical web application security vulnerabilities identified by the Open Web Application Security Project (OWASP): http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project



You can use OWASP's WebGoat (http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project) to learn more about the OWASP Top Ten security vulnerabilities. WebGoat is a deliberately insecure example web application: for each vulnerability it has a lesson showing the "what not to do" code, how to exploit it, and the corrected code.



[Screenshot: WebGoat phishing-with-XSS lesson]





You can use the OWASP Enterprise Security API (ESAPI) Toolkit (http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API) to protect against the OWASP Top Ten security vulnerabilities. ESAPI provides the building blocks (encoders, validators, access control, and so on) that the corrected code for each vulnerability needs.



[Screenshot: ESAPI before/after comparison]



The ESAPI Swingset is a web application which demonstrates the many uses of the Enterprise Security API.



[Screenshot: ESAPI Swingset]


OWASP Top 10 number 1: XSS = Cross Site Scripting

Cross Site Scripting (XSS) is one of the most common security problems in today's web applications. According to the SANS Top Cyber Security Risks report (http://www.sans.org/top-cyber-security-risks/), 60% of the total attack attempts observed on the Internet are against web applications, and SQL injection and Cross-Site Scripting account for more than 80% of the vulnerabilities being discovered. You are at risk of an XSS attack any time content from an untrusted source (a request parameter, a form field, a database record someone else wrote) is placed into your web pages without being encoded for the context it lands in, because anything that the browser parses as markup or script will run with your site's origin.


There are 3 types of cross site scripting:

  • Reflected XSS: is when an HTML page reflects user input, e.g. from
    HTTP query parameters or an HTML form, straight back to the browser
    without properly encoding it in the response. The attacker gets a
    victim to follow a crafted link (a phishing e-mail, for example) whose
    parameter carries the script, and the server echoes it into a page the
    victim's browser then executes. Below is an example of this in a
    servlet:

        out.println(
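The reflected-XSS servlet pattern, shown as an added example that is not code from the original post or from WebGoat. It is written without the servlet API so it compiles and runs stand-alone: renderUnsafe() is the "what not to do" version that concatenates a request parameter into the page, renderSafe() is the corrected version that applies HTML-context output encoding first. The encodeForHtml() helper is a minimal stand-in for the ESAPI encoder the post recommends, and the parameter values and payloads are constructed for the demo.

```java
// Added example (not from the original post): reflected XSS in a servlet-style
// response, the vulnerable rendering beside its encoded form. Plain Java so it
// runs without the servlet jar; in a real servlet the returned String is what
// doGet() would write to response.getWriter().
public class ReflectedXssDemo {

    /* Vulnerable: the query parameter is concatenated into the response body
       verbatim, so a request such as
         /greet?name=<script>alert(document.cookie)</script>
       produces a page that executes attacker-supplied script in the
       victim's browser, with this site's origin. */
    public static String renderUnsafe(String name) {
        StringBuilder out = new StringBuilder();
        out.append("<html><body>\n");
        out.append("<p>Hello, ").append(name).append("</p>\n");
        out.append("</body></html>\n");
        return out.toString();
    }

    /* Encode the characters that have meaning to the HTML parser in element
       content. This is a hand-written stand-in for ESAPI's
       ESAPI.encoder().encodeForHTML(String); it is correct for the HTML body
       context only, not for attribute values, URLs or JavaScript strings. */
    public static String encodeForHtml(String s) {
        if (s == null) return "";
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#x27;"); break;
                case '/':  sb.append("&#x2F;"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /* Corrected: same page, but the untrusted value is encoded for the context
       it is written into, so the browser renders the payload as text instead
       of parsing it as markup. */
    public static String renderSafe(String name) {
        StringBuilder out = new StringBuilder();
        out.append("<html><body>\n");
        out.append("<p>Hello, ").append(encodeForHtml(name)).append("</p>\n");
        out.append("</body></html>\n");
        return out.toString();
    }

    /* Crude check used only to make the difference visible in the demo:
       does the response still contain a raw script tag or event handler? */
    public static boolean containsExecutableMarkup(String html) {
        String lower = html.toLowerCase();
        return lower.contains("<script") || lower.contains("onerror=");
    }

    public static void main(String[] args) {
        // Constructed inputs: a benign name, the classic script-tag payload,
        // and an event-handler payload that needs no <script> element at all.
        String[] names = {
            "Carol",
            "<script>alert(document.cookie)</script>",
            "<img src=x onerror=\"alert(1)\">"
        };
        for (String name : names) {
            String unsafe = renderUnsafe(name);
            String safe = renderSafe(name);
            System.out.println("name=" + name);
            System.out.println("  unsafe page executable? " + containsExecutableMarkup(unsafe));
            System.out.println("  safe page executable?   " + containsExecutableMarkup(safe));
            System.out.println("  safe body line: " + safe.split("\n")[1]);
        }
    }
}
```

Compile and run with `javac ReflectedXssDemo.java && java ReflectedXssDemo`. With ESAPI on the classpath, `encodeForHtml(name)` is replaced by `ESAPI.encoder().encodeForHTML(name)`; the point to carry over is that the encoder must match where the value is written, so a value placed inside an attribute, a URL or a script block needs `encodeForHTMLAttribute`, `encodeForURL` or `encodeForJavaScript` respectively, not the HTML-body encoder.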