Web users warned of cross-site script attacks


Web users warned of cross-site script attacks

Cliff Saran

Web servers and web-based applications are increasingly vulnerable to cross-site scripting attacks, internet security firm NTA Monitor has warned. Its research has found that attacks are beginning to appear on social networking sites and forums.

Roy Hills, technical director at NTA Monitor, said, "Attackers are creating websites in which they embed malicious code to track a visitor's searches, user names and passwords. The code can affect a visitor's PC without their knowledge and can quickly spread to other visitors' machines."

Cross-site script can occur when information submitted by users is not properly stripped of HTML tags, enabling an attacker to embed malicious code on a website, Hill said.

"When the website is accessed, the code will execute code in a user's browser. A user may be redirected to a fake website or have their log-in or user information compromised. In the worst cases, users' computers can be compromised."

It can be difficult to identify the malicious code, as browsers do not identify malware.

Hills said IT directors should ensure that staff run anti-spyware and anti-malware programs, and undertake regular penetration testing.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy