Top 10 Interview Questions: Cross-Site Scripting | OWASP | Application Security
Cross-site scripting (XSS) is the most commonly found vulnerability in web applications, and mitigating it is also tricky. This article covers the top 10 interview questions on XSS. Click here if you are interested in the top interview questions on the OWASP Top 10.
Cross-Site Scripting Interview Questions and Answers
Q1. What is Cross-Site Scripting (XSS)?
Ans: Cross-Site Scripting (XSS) is a technique in which a user's browser unintentionally executes a malicious script (also called a payload), for example after the user clicks an untrusted link; the script then passes the user's cookie information to the attacker.
Q2. What information can an attacker steal using XSS?
Ans: Using XSS, an attacker can steal the session ID of a genuine user. The browser presents the session ID so that the application can identify you, which keeps you logged in until you sign out of the application. An attacker can write code that extracts the session ID and other information from the cookies. Later, the attacker can use the same session ID to browse the application on behalf of the user without actually logging in.
Q3. Apart from emailing links to error pages, are there other methods of exploiting XSS?
Ans: Other places where attackers store malicious scripts (also called payloads) are discussion forums, the comment sections of websites, and similar platforms. Whenever a user navigates to those pages, the payload is executed and the user's cookie information is automatically sent to the attacker.
Q4. What are the types of XSS?
Ans: Cross-site Scripting can be divided into three types:
- Stored XSS
- Reflected XSS
- DOM-based XSS
Q5. What is Stored XSS?
Ans: In Stored XSS, the attacker plants a malicious script (also called a payload) on a web page. Comment pages, forums, and similar platforms can be used to store payloads. When a user browses these pages, the payload is executed and sends the user's cookie information to the attacker.
Q6. What is Reflected XSS?
Ans: Reflected XSS is one of the most widespread attack techniques used by attackers. In this type of attack, the user is tricked, for example by a malicious link (containing an XSS payload) posted on a social networking site or other platform, into sending a malicious request to the web server. The web server then replies to the user with an HTTP response containing the payload, which is executed in the browser and steals the user's cookies.
Q7. What is DOM-based XSS?
Ans: DOM-based XSS is a type of cross-site scripting that arises in the DOM (Document Object Model) built by the browser, rather than in the HTML returned by the server.
Q8. How can I prevent XSS?
Ans: XSS can be prevented by sanitizing user input to the application. Only allow those input elements that are absolutely essential for the field in question.
Q9. Can XSS be prevented without modifying the source code?
Ans: The "HttpOnly" cookie attribute can also be used to prevent XSS from stealing cookies.
Q10. What is Cross-Site Tracing (XST)? How can it be prevented?
Ans: Using the XST technique, attackers are able to steal cookies by bypassing the "HttpOnly" attribute.
XST can be prevented by disabling the TRACE method on the web server.
Miscellaneous Questions
Q. List out the key HTML entities used against XSS.
Ans: The following characters must be encoded as HTML entities in untrusted output:
- > (greater than) becomes &gt;
- ' (apostrophe or single quote) becomes &#x27;
- " (double quote) becomes &quot;
- < (less than) becomes &lt;
- & (ampersand) becomes &amp;
Q. Which tools are helpful in identifying XSS vulnerabilities?
Ans: XSS is the most common vulnerability type found in web applications, and many tools are available to identify it. Some of them are listed below:
- OWASP ZAP - Primarily a web scanner, but it can also be used to identify XSS vulnerabilities.
- Burp Suite - The most popular tool among security researchers.
- ratproxy - An automated web application security scanning tool.
- XSS-Proxy - An advanced tool for identifying XSS vulnerabilities.