How do you prevent default script attacks?

dthomas

What steps should be taken to make websites secure against default script attacks?

Topic: Security
Answer this Question

Answers

3 total
Christopher Nerney
Vote Up (12)

According to Hacking for Dummies, taking these steps will help prevent default script attacks: 

 

  • Know how scripts work before deploying them within a web environment.

     

  • Make sure that all default or sample scripts are removed from the web server before using them.

     

    • Don’t use publicly accessible scripts that contain hard-coded confidential information. They’re a security incident in the making.

     

  • Set file permissions on sensitive areas of your site/application to prevent public access.

 

StillADotcommer
Vote Up (11)

There is a good white paper about defeating script injection attacks that you might find interesting/useful, although it is a few years old now.

jimlynch
Vote Up (9)

Here's a background article on cross-site scripting that might be useful.

Cross-site scripting
https://en.wikipedia.org/wiki/Cross-site_scripting

"Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites accounted for roughly 84% of all security vulnerabilities documented by Symantec as of 2007.[1] Their effect may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site's owner."

Ask a question

Join Now or Sign In to ask a question.
Hosting provider Namecheap said Monday hackers compromised some of its users' accounts, likely using a recently disclosed list of 1.2 billion usernames and passwords compiled by Russian hackers.
While conducting a penetration test of a major Canadian retailer, Rob VandenBrink bought something from the store. He later found his own credit card number buried in its systems, a major worry.
Attackers deploy Web-based reconnaissance tool to gather information about potential targets in different industries
Europol launched a cybercrime task force Monday to fight online crime in the EU and other countries.
A file-encrypting ransomware program called CryptoWall infected over 600,000 computer systems in the past six months and held 5 billion files hostage, earning its creators more than US$1 million, researchers found.
Former U.S. Secretary of State Hillary Clinton called for a "global compact" on surveillance and the use of collected data, saying the U.S. isn't the only country that does it and American technology companies are unfairly targeted for the government's actions.
Electric carmaker Tesla Motors wants security researchers to hack its vehicles. The Silicon Valley based high-tech carmaker will hire up to 30 full-time hackers whose job will be to find and close vulnerabilities in the sophisticated firmware that controls its cars.
Two recent vulnerabilities are examples of problems that could have been avoided if we had just applied the lessons already learned in similar contexts.
Windows XP users may now download a fourth service pack for the 13-year-old operating system, but it isn't coming from Microsoft.
The growing number of data breaches resulting in massive numbers of payment cards being stolen from retail stores and other businesses is occurring because they're failing to keep up with the Payment Card Industry's data security standard, according to the PCI Security Standards Council.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+