Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it. (OWASP) XSS has been on the OWASP’s top ten list of security vulnerabilities consistently.
Join us to review how these attacks work and how to protect your .net websites from this. While it is not difficult to use default protections against these attacks it is in your best interest and that of your clients to understand these attacks. I will also demo some options for reducing the risks associated with this if your clients want functionality that the default protections block.
Garrett Havens, a developer with over 10 years’ experience primarily in .NET, will present this topic.
The meeting is sponsored by Find Great People (http://www.fgp.com)