Terminology

Security Terminology

Vulnerability

A vulnerability is a weakness that allows someone to reduce a system’s information assurance. A vulnerability is the intersection of 3 elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw.

Vulnerable

In computer security, when something becomes vulnerable, that means an attacker can now try to exploit a vulnerability on this system. Your website can be vulnerable to a specific attack, your computer can be vulnerable too, and of course humans are vulnerable too, especially when they are targeted by phishing emails.

Security Flaw

A security flaw is an unintentional weakness, present despite the developer's intentions, in contrast to a malicious flaw. It is a vulnerability that can be exploited but was not designed to be. Usually the developer takes it seriously and releases a patch to fix the security flaw. Security flaws are not created but discovered.

Cross-Site Scripting Example

Now that you know what an XSS attack is, let's read some cross-site scripting examples. Reflected XSS: Let’s say an attacker encounters a URL with a parameter containing a message like this: http://example.com/?message=You+are+now+logged-in and the page contains this exact message. This means that anything passed in the parameter named message will be printed in the page. To […]

XSS Attack

Cross-Site Scripting (XSS) attacks are a type of vulnerability called “injection”, in which malicious scripts are injected into trusted web sites. XSS attacks occur when an attacker sends malicious code, generally in the form of a browser-side script, to a different browser/visitor. The flaws allowing these attacks to succeed are very widespread and occur anywhere in any input […]
