Understanding Script Injection Attacks
page 1 of 5
Published: 27 May 2008
Abstract
This article helps you to understand the concept of script injection attacks in detail using ASP.NET. Sanjit first provides a list of potentially dangerous HTML tags and then examines the concept of request validation with the help of some simple ASP.NET code. Sanjit also describes how to disable request validation and encode the output.
by SANJIT SIL
Feedback
Average Rating: 
Views (Total / Last 10 Days): 45834/ 68

Introduction

Script injection attacks occur when a hacker takes a few lines of malicious programming code and enters it in to a form on our Website and then submits the form. If the Website is data driven then chances of risk is more on the Website. Hackers will often inject scripts in to our forms to try and make the system fooled in to thinking that they are valid users in order to delete data or change data or access data from database.

The basic technique for a script injection attack is for the client to submit content with embedded scripting tags. These scripting tags can include <script>, <object>, <applet>, and <embed>. Although the application can specifically check for these tags and use HTML encoding to replace the tags with harmless HTML entities, that basic validation often is not performed.


View Entire Article

User Comments

No comments posted yet.

Product Spotlight
Product Spotlight 





Community Advice: ASP | SQL | XML | Regular Expressions | Windows


©Copyright 1998-2017 ASPAlliance.com  |  Page Processed at 2017-10-18 7:53:50 PM  AspAlliance Recent Articles RSS Feed
About ASPAlliance | Newsgroups | Advertise | Authors | Email Lists | Feedback | Link To Us | Privacy | Search