In my previous post I tried to explain what XSS is and what the warning signs of this kind of vulnerability are!
Now, in this section I am going to explain how to find this vulnerability and how to fix it.
Manually, you can test for XSS using a simple JavaScript snippet that you inject into a page via search boxes, guest book pages, and in general any place where the text you enter is shown back on the page and could be executed as HTML/JS code. You can test with various methods, but in general you can check with this kind of script:
<script>alert('xss');</script>
Inject the script in the places mentioned above.
Or you can check for XSS automatically with a web scanner; google the phrase "xss scanner". You can also run the test with a tool named Acunetix Web Scanner.
Now, what if you find this vulnerability in your application? How do you fix it?
XSS bug: Brief introduction to a general bug, Part 2: Prevention/bug fixing
Here are the steps to fix this bug or protect your application from it.
* Input filtering: special characters must be filtered out of the web application's inputs. They should be filtered out in both their ASCII and hex (URL-encoded) forms.
* Filter output based on the input parameters for special characters.
* Validating/identifying: validate the values coming from input boxes and identify special characters in them.
* Apply the same validation to encoded characters and strings as well.
* Encoding: encode the output of any malicious input data so that it cannot execute.
These are the ways to stop this bug in your application.
You can use these references to learn about fixing this bug in more depth.
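The three steps above (decode hex-encoded input before validating it, identify special characters, and encode on output) put together as an added Python example; this is illustrative code written for this post, not code from the original, and the guest-book entry handling and the rejection message are assumptions.

```python
import html
from urllib.parse import unquote

# The probe payload from the post; used here only as a test input.
XSS_PROBE = "<script>alert('xss');</script>"

# Characters with meaning in an HTML/JS context. The post says to filter them
# in both their ASCII and hex (URL-encoded) forms, so we decode first.
SPECIAL_CHARS = set('<>"\'&')


def normalize(value: str) -> str:
    """Step 1: decode URL/hex-encoded input (%3C -> '<') so encoded payloads
    are validated exactly like plain ones. Decoding until the value stops
    changing also covers double encoding (%253C -> %3C -> <)."""
    previous = None
    while previous != value:
        previous, value = value, unquote(value)
    return value


def contains_special(value: str) -> bool:
    """Step 2: identify special characters in the decoded input."""
    return any(ch in SPECIAL_CHARS for ch in value)


def validate_guestbook_entry(value: str) -> bool:
    """Input filtering: reject entries carrying HTML/JS metacharacters
    (hypothetical guest-book handler, not part of the post)."""
    return not contains_special(normalize(value))


def encode_for_html(value: str) -> str:
    """Step 3: output encoding. Whatever was stored is HTML-escaped at render
    time, so even a stored payload is displayed as text, not executed."""
    return html.escape(value, quote=True)


def render_entry(value: str) -> str:
    """Defence in depth: validate on the way in, and encode on the way out
    regardless, so a gap in the filter does not become a script execution."""
    if not validate_guestbook_entry(value):
        # Constructed rejection message (assumption).
        return '<p class="error">Entry rejected: contains unsafe characters</p>'
    return "<p>" + encode_for_html(value) + "</p>"
```

Note that the character filter alone is a blocklist and can be incomplete; the output encoding is the layer that actually neutralises a payload that slips through.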
http://msdn.microsoft.com/en-us/library/ms998274.aspx
http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/cross-site-malicious-content.html
http://www.ibm.com/developerworks/web/library/wa-secxss/