Pervasive Web application vulnerability is often misunderstood -- with dangerous consequences By John Sawyer DarkReading - A Special Analysis for Dark Reading
SQL injection has been getting most of the attention lately, but the average SQL injection attack isn't nearly as sophisticated and difficult to pull off as a well-crafted cross-site scripting (XSS) attack:
XSS affects all victims of a vulnerable Website, stealing their credentials, exploiting their Web browsers, and taking action on behalf of them without their knowledge.
XSS has been the reigning champion of Web application vulnerabilities in the sheer number of applications that house this vulnerability. Like SQL injection, XSS is a flaw caused by a lack of validation of user input. But instead of attacking the Web application or database server directly, the XSS attack hits the Web app's victims and executes malicious code in the victims' Web browsers.
Continue Dark Reading
![Reblog this post [with Zemanta]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_ucGNs3vBOaKbUlz9CoBWv4ClCNNNRr6G6c2URSNuDOONO-a--Oi5Zt4R5oXWkV4EIZpnEY41PRzSsnd_3HFny2BD1E3j0WsQxLlyshKftdK4f19OLwtiChTGG_-Is7jCZiQJwkcylLRBynxTCbbBuK=s0-d)
