In another post, I said I would talk about the OWASP Top 10, which is a list of the 10 most dangerous current Web application security flaws. This list, interestingly, is built into both the PCI DSS standard and Shared Assessments.
#1 on the OWASP Top 10 is Cross Site Scripting (XSS), which, per OWASP, is:
whenever an application takes user supplied data and sends it to a web
browser without first validating or encoding that content. XSS allows
attackers to execute script in the victim's browser which can hijack
user sessions, deface web sites, possibly introduce worms, etc.
For more information on XSS, check out this nice FAQ.
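
The flaw in the OWASP definition above, next to the two defenses it names (validating and encoding), as an added JavaScript example that is not from the original post or from OWASP. All function names and the sample input are constructed for illustration.

```javascript
// Added illustration: names and sample data are hypothetical, not from the post.

// The five characters that let data break out of HTML text or a quoted attribute.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;',
};

// Encoding: turn markup-significant characters into inert entities.
// Covers HTML body text and quoted attribute values only; data placed inside
// script blocks, URLs or CSS needs an encoder for that context instead.
function encodeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Validating: allowlist what a display name may contain and reject the rest.
function isValidDisplayName(value) {
  return typeof value === 'string' && /^[A-Za-z0-9 _.-]{1,40}$/.test(value);
}

// Flawed: user-supplied data is sent to the browser as-is.
function renderGreetingUnsafe(name) {
  return '<p>Hello, ' + name + '</p>';
}

// Hardened: the same data is encoded at the point of output.
function renderGreetingSafe(name) {
  return '<p>Hello, ' + encodeHtml(name) + '</p>';
}

// Check used below: does the rendered page contain a live script element?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample input standing in for attacker-controlled data.
const SAMPLE_INPUT = '<script>alert(1)</script>';

function demo() {
  return {
    unsafeHasScript: containsScriptTag(renderGreetingUnsafe(SAMPLE_INPUT)),
    safeHasScript: containsScriptTag(renderGreetingSafe(SAMPLE_INPUT)),
    passesValidation: isValidDisplayName(SAMPLE_INPUT),
  };
}

console.log(demo());
```

Validation and encoding complement each other: a legitimate name such as O'Brien fails this strict allowlist, which is why output encoding is still needed for any value the application decides to accept.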
In the next post we will cover #2 on the Top 10.
DID YOU KNOW? Shared Assessments' Application Vulnerability Assessment actually contains 11 attributes. Can you name #11?