Security Vulnerability of the World Wide Web Essay

Everyday technology users are increasingly engaged with web and mobile applications. These programs have many uses and can be very helpful. However, these applications also serve as the most accessible point of entry for malicious attackers to wreak havoc. The continual growth and usage of web applications leaves the infrastructure susceptible to attack where security has not been thoroughly implemented. The Open Web Application Security Project (OWASP) is a community-based non-profit organization that concentrates on increasing safety in the realm of web applications. It was started in 2001, and ever since then its primary goal has been to create a high level of transparency in web applications and software…
The data can contain malicious content in various forms such as JavaScript, HTML, Flash, or any other form of executable code. A variety of attacks can occur through this method, the most common being transmission of private data, redirection to malicious web content, or execution of malicious operations on the user's machine. Despite the wide array of possible paths of exploitation, XSS attacks fall into two categories: stored XSS attacks and reflected XSS attacks. Stored XSS attacks permanently store the injected script on the target server, and a victim who requests the compromised data receives the malicious script. This is labeled as the most dangerous type of XSS attack because a majority of web applications require some form of storage, which makes a majority of applications prime targets. The attacker succeeds as soon as a user visits the page with the stored exploit; this low bar is easily met, which makes this type of attack even more challenging to defend against. These types of attacks are also known as Persistent XSS attacks or Type-I XSS attacks. Reflected XSS attacks occur when the injected script is reflected off the web server. The attack is delivered via an alternative path, such as email or another website, where the user engages with the malicious link. This allows the malicious code
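The stored and reflected cases described above, as an added example that is not part of the original essay: the same untrusted string reaches the page once from server-side storage and once from the request URL, and HTML output encoding neutralizes both. All function names, the `app.example` host and the sample input are hypothetical and constructed for illustration.

```javascript
// Added example. Names are hypothetical; the sample input is constructed.

// HTML-encode the five characters that let text break out of an element body
// or a quoted attribute value.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Stored case: the comment is saved once on the server and rendered for
// every later visitor of the page.
const commentStore = [];
function saveComment(body) { commentStore.push(body); }
function renderComments(encode) {
  return commentStore.map((c) => `<li>${encode ? escapeHtml(c) : c}</li>`).join('');
}

// Reflected case: the value arrives in the request URL (for example from a
// link in an email) and is echoed straight back in the response.
function renderSearch(requestUrl, encode) {
  const q = new URL(requestUrl, 'http://app.example').searchParams.get('q') || '';
  return `<p>Results for ${encode ? escapeHtml(q) : q}</p>`;
}

// True when the rendered markup would contain a live <script> element.
function hasScriptTag(html) { return /<script\b/i.test(html); }

// Constructed sample input standing in for attacker-controlled data.
const SAMPLE = '<script>alert(1)</script>';

function demo() {
  saveComment(SAMPLE);
  const url = '/search?q=' + encodeURIComponent(SAMPLE);
  return {
    storedRaw: hasScriptTag(renderComments(false)),        // vulnerable render
    storedEncoded: hasScriptTag(renderComments(true)),     // hardened render
    reflectedRaw: hasScriptTag(renderSearch(url, false)),  // vulnerable render
    reflectedEncoded: hasScriptTag(renderSearch(url, true)), // hardened render
  };
}

console.log(demo());
```

The encoding is applied at render time rather than at save time, so data already sitting in storage is also rendered safely.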