How do you prevent default script attacks?

dthomas

What steps should be taken to make websites secure against default script attacks?

Topic: Security
Answer this Question

Answers

3 total
Christopher Nerney
Vote Up (12)

According to Hacking for Dummies, taking these steps will help prevent default script attacks: 

 

  • Know how scripts work before deploying them within a web environment.

     

  • Make sure that all default or sample scripts are removed from the web server before using them.

     

    • Don’t use publicly accessible scripts that contain hard-coded confidential information. They’re a security incident in the making.

     

  • Set file permissions on sensitive areas of your site/application to prevent public access.

 

StillADotcommer
Vote Up (11)

There is a good white paper about defeating script injection attacks that you might find interesting/useful, although it is a few years old now.

jimlynch
Vote Up (9)

Here's a background article on cross-site scripting that might be useful.

Cross-site scripting
https://en.wikipedia.org/wiki/Cross-site_scripting

"Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites accounted for roughly 84% of all security vulnerabilities documented by Symantec as of 2007.[1] Their effect may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site's owner."

Ask a question

Join Now or Sign In to ask a question.
An open-source project has released the first free application for the iPhone that scrambles voice calls, which would thwart government surveillance or eavesdropping by hackers.
Symantec's Endpoint Protection product has three zero-day flaws that could allow a logged-in user to move to a higher access level on a computer, according to a penetration testing and training company.
Now that BlackBerry has fallen significantly behind Apple and Google in the race to offer features and third-party apps for its smartphones, the company is concentrating on providing devices that, it claims, have the strongest available security -- the killer feature for the enterprise.
Today's hotels are unfortunately vulnerable to types of attempted fraud. Here's how to keep data safe when you travel.
U.S. Senator Patrick Leahy has introduced a new version of a bill to rein in the National Security Agency's bulk collection of U.S. phone records in an effort to strengthen legislation that passed the House of Representatives this year.
The IT infrastructure of the National Research Council of Canada was recently compromised by highly sophisticated Chinese state-sponsored hackers, the Canadian government said Tuesday.
The majority of Android devices currently in use contain a vulnerability that allows malware to completely hijack installed apps and their data or even the entire device.
U.S. and EU privacy and consumer groups called on privacy regulators to stop Facebook's plans to gather the Internet browsing patterns of its users while they visit other sites.
A configuration problem in Facebook's popular Instagram application for Apple devices could allow a hacker to hijack a person's account if they're both on the same public Wi-Fi network.
Questions abound over sites authenticating users via identities established through social networks, Yahoo Ponemon Institute survey shows.
randomness