XSS attack protection by Astra

March 25, 2018 April 3, 2020


Cross-Site Scripting (XSS) is one of the most commonly occurring, yet easily fixable, injection attacks faced by e-commerce businesses and a wide variety of other web applications.

XSS attacks are of three types:

  1. DOM-based attack: Caused by malicious injection of code from the client side. The injected code can be JavaScript, Flash, Visual Basic, etc.
  2. Persistent XSS attack: Caused when the payload is stored on the server side and is retrieved whenever a user requests the affected page.
  3. Non-persistent XSS attack: Caused when the payload is reflected back to the user who opens a link to a vulnerable website with a crafted input.

Precautions to Mitigate XSS Attacks

Preventing an XSS attack does not mean stopping users from submitting such payloads; rather, it means taking measures to stop the input from being parsed as HTML in the browser. With that said, here are a few methods used to prevent XSS attacks.


  1. Input validation: To prevent XSS, whitelist most input to alphanumeric characters or, in some cases, a limited set of special characters. This reduces the attack surface and minimizes the potential for bugs.
  2. Use of secure DOM elements: Often, unsafe handling of DOM (Document Object Model) elements leads to XSS even in rich client UIs. For example, assigning user input to the innerHTML property renders it as HTML, so any embedded markup and JavaScript event handlers are interpreted. The safe alternative is to assign the input to textContent or innerText instead.
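The two precautions above, as an added example that is not Astra's own code: an allow-list validator for form fields, the unsafe innerHTML assignment beside its textContent replacement, and an HTML encoder for cases where markup output cannot be avoided. The field names, allow-list patterns and sample input are constructed for illustration.

```javascript
// Precaution 1: allow-list validation. Each field accepts only the characters
// it legitimately needs; anything else is rejected before it reaches the page.
// Field names and patterns are assumptions for this example.
const ALLOW_LISTS = {
  username: /^[A-Za-z0-9_]{3,32}$/,        // alphanumeric plus underscore
  comment: /^[A-Za-z0-9 .,!?'()-]{1,500}$/ // plain text with a few punctuation marks
};

function validateInput(field, value) {
  const rule = ALLOW_LISTS[field];
  if (!rule) throw new Error(`no allow-list defined for field "${field}"`);
  return typeof value === 'string' && rule.test(value);
}

// Precaution 2: secure DOM usage. innerHTML hands the string to the HTML
// parser, so tags and any event-handler attributes in it are interpreted.
function renderUnsafe(element, untrusted) {
  element.innerHTML = untrusted;   // vulnerable: input is parsed as markup
  return element;
}

// textContent stores the same string as a text node; it is displayed
// literally and never parsed, so no markup or event handler can take effect.
function renderSafe(element, untrusted) {
  element.textContent = untrusted; // safe: input is rendered as plain text
  return element;
}

// Defence in depth: when HTML output is unavoidable (e.g. a server template),
// encode the five characters the HTML parser would otherwise interpret.
function escapeHtml(str) {
  return String(str).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
  })[c]);
}

// Constructed sample: user input containing markup. Through innerHTML the
// text would appear bold (and any event attribute would be wired up);
// through textContent the visible result is the literal string.
const sample = '<b>not bold</b>';

// In a browser: renderSafe(document.getElementById('comment'), sample);
```

In Node.js there is no DOM, so the functions can be exercised with a plain object standing in for the element.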

More detailed steps can be found here.

