Wifi Password Recovery - UTM - Vulnerability Scanning


VIP LOUNGE
CLOUD LOGIN
Sun Sun Sun

You are here: Resources > Anti-Cross Site Scripting (XSS) Tips and Tricks

Anti-Cross-Site-Scripting (XSS) Tips & Tricks

 
Cross Site Scripting (XSS) is very commonplace on most websites. Before you browse a given webpage, make sure that you're safe from XSS vulnerabilities first. Doing so will save you from a lot of headaches and annoyances.

 
Compromises Your Whole Website
 
If an attacker is triumphant in executing an XSS exploit against your network, it can allow them to manipulate and compromise your computer at their behest. Whenever you're faced with such a dilemma, you must do the following:
 
  • For the love of Mozilla, get Firefox, Opera, Safari, or Konqueror as your web browser. Using Internet Explorer is just asking for trouble. Also, even without the security issues, it provides a subpar browsing experience.
 
  • Don't run JavaScript. Get the NoScript extension for Firefox so that you can allow JS for trusted domains (like your own) and block it for everybody else. Either use the NoScript extension or just disallow JavaScript completely (in Firefox, visit Edit, then Preferences, then Content, then uncheck "Allow Java" and "Allow JavaScript").
 
  • Don't run Flash (which is basically JS)—even from places like YouTube, which is full of malicious files—unless you are absolutely sure that it can be trusted. Use NoScript for this.
 
  • Turn off Java.
 
 
  • For the truly paranoid, you can do the following. Browse text-only (access Edit, then Preferences, then Content, then  uncheck "Load Images" in Firefox). That's because a skillful cracker can still get code to execute from within a JPEG file; not common or easy, but possible.
 
  • Create a strong master password for your browser (access Edit, then Preferences, then Passwords, change your existing passwords, and clear your private data upon exit). Creating a master password will give you that option by default.
 
I can't stress the last item enough. If you do get tricked, a master password plus regularly flushed private data can give you a fighting chance. At the very least, your passwords will be locked up—or at least the ones that are changed after the master password goes into effect. Your master password will not protect against attacks targeted at sites that you're already logged into upon hitting the evil XSS site, though.
 
That's why it's important to clear everything regularly. You can still store passwords—which is nice because you can use multiple passwords for different sites—but you only need to remember your strong master password. Clearing cookies and authenticated sessions upon shutting down Firefox will log you out safely and decrease your chances of giving up the goods.
 
If you do all that, you should be pretty safe. Good luck.
 
The SecPoint® Protector (http://www.secpoint.com/secpoint-protector.html) protects against all XSS attacks.
 
The SecPoint® Penetrator (http://www.secpoint.com/secpoint-penetrator.html) can automatically crawl through your website and find XSS weaknesses.
 
Read more about our services and products here: About SecPoint, IT Security Products, and IT Security Jobs.
WPA Password Recovery                                   Web Vulnerability Scanner                                 Protector UTM Firewall

 


Reviews of SecPoint.com
 
 
 
 
 

Awards & Reviews
  

  


Related pages
802.11 Protocol
Alfa AWUS036h Information
Alfa AWUS051nh Information
All about Cloud Security
Anti Hacking/Anti-Cracking Tips & Tricks
Anti Spam Black Lists
Anti-Cross Site Scripting (XSS) Tips and Tricks
Anti-Denial-of-Service Tips & Tricks
Anti-Phishing Tips & Trick
Anti-Social-Engineering Tips & Tricks
Anti-Spam Tips & Tricks
Anti-Spyware Tips and Tricks
Anti-SQL Injection Tips and Tricks
Anti-Virus Tips & Trick
Better Wi-Fi Range without Interference
Block Email Junk
Breaking Authentication Schemes
Cloud Internet Security
CSRF
DDoS
Distributed Denial of Service
DLP
Email & Spam Test Links
Ethical Hacker
Free Top 15 Wifi Security Tips Videos
FreeBSD
Google hacking
Honeypot
How does SEO hacking occur?
How to choose a vulnerability scanning vendor?
How to get rid of a trojan horse
How to get rid of malware
How to protect against client wireless hacking
Internet Information Services (IIS) - Web Service Attacks
IPX
IT Security Gurus
NetBEUI
OpenBSD
OSI
Pen Test Appliance
Portable Penetrator - Protector - Penetrator QR Codes
RC4
Risks of Cyber Crime
RSA
SecPoint Free Security Scan
Security Mailinglist Rss Feeds
Security Scanner
SEO 200 codes to 404 errors not follow html standard
SEO 302 Redirect
SEO Check a tags no follow
SEO Check cusor type to text spam
SEO Check for css hiding of elements
SEO Check for img alt title tags spamming
SEO check for long title tag spamming
SEO check for no tags noarchive noindex nofollow
SEO Check for short link tag spam
SEO check for small size font tag
SEO Check H tags H1..H6 spamming
SEO Check link from invisible img
SEO Check links do not correspond to a tag
SEO Check long keyword description tags
SEO Check NOSCRIPT text for spamming
SEO Check page has count a tags
SEO Errors explanations
SEO Javascript popups spam
SEO META REFRESH redirect spam
SEO Same link with different content
SEO Too many keywords spam
SharePoint Multi-Tier Attacks
SOX
Spam Blocker
SQL Server - Stored Procedure Attacks
Stealthy DDoS
Stop Spam
TCP/IP
Technology Papers
Test Your Security Policy
The Facts about Cloud Computing
The Sarbanes-Oxley Act of 2002
Top 10 Cloud Computing Services
Top 10 Free IT Security Tools
Top 10 Hacker Attacks
Top 10 Hackers
Top 10 IT Security Tips
Top 10 IT Security Tools
Top 10 Most Secure Operating Systems
Top 10 Myths in IT Security
Top 10 Phishing Scams
Top 10 Social Engineering Tactics
Top 10 Spam Attacks
Top 10 Spyware
Top 10 Viruses
Top 10 Ways to Protect Your Computer from Hackers
Top 10 Website Security Myths
Top 10 Worms
Types of Hacker
UTM Appliance Review
Virtual Machine
Virus Spam Bounce Ruleset
Vulnerability Assessment Guide
Vulnerability Testing Appliance
What are Server Misconfigurations and Predictable Pages?
What are the risks of the escalation of privileges in the active directory?
What is SSH?
White Papers
WiFi Security
Wifi Security Tips & Tricks
Wifi WEP Encryption Cracking Guide
Wifi WPA & WPA2 Encryption Cracking Guide
Wireless Access Point
Worldwide Security Events
WPA Handshake
WPA2
WPA2 Handshake

Subscribe to our Mailing List

Customer References



Encyclopedia | Free Scan Statement | Link Policy | Privacy Statement | Resources | Sitemap | User Policy
© Copyright 1999-2012: SecPoint®
SecPoint ApS Noerregade 7B - 1165 Copenhagen K - Denmark
US Toll free: +1-888-704-7297 - EU: +45-70-235-245