Preventing Cross-Site Scripting (XSS)

What is it?

Cross-Site Scripting, or XSS, is a type of attack used by hackers to control the content of your web pages. Hackers will insert a piece of code into your site, usually through an input field such as a search box, user ID, or Name/Address box. If your website is vulnerable to this type of attack, the hacker can control the content of your page, including the user's cookies or session variables.

What is the impact?

Hackers use this type of attack to trick your visitors into providing personal data. Since visitors believe they are providing this information to your site, they are likely to provide sensitive information to hackers, since they trust your business. Hackers use information collected, such as user names, passwords, credit card information, etc. to carry out identity theft and other criminal activities.

How does SiteLock protect me?

SiteLock's patent-pending 360-degree scan technology tests each input box on your website to ensure that they are not vulnerable to this type of attack. We verify the security of each input box on your website by inserting code in the way hackers would. Instead of taking over your page, though, we simply use harmless test procedures.

What can I do about it?

Make sure any applications you use are kept up-to-date and limit the use of third-party plug-in's where possible as they can be a source of many issues and may be updated less frequently or created by unscrupulous publishers. Use a website scanning service that features XSS scripting scans, such as SiteLock Premium or SMB. If you are writing your own code, be sure to validate your input fields for special characters and ensure that the settings for your code are frequently updated and hardened for security. You can also take advantage of SiteLock's Expert Services team to correct any issues we identify in our scans.

  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

SQL Injection - Database Vulnerability

What is it? SQL injection, is an extremely damaging attack in which hackers will attempt to...

Reputation Monitoring

What is it? SiteLock's patent-pending 360-degree scan helps you make sure your website and...

Monitoring Network Security Vulnerabilities

What is it? Network servers have devices on them known as ports. Each port is set up to...

Virus Scanning (Drive-by Downloads)

What is it? If your site has been compromised by hackers, they may be using your website to...

Application Scanning

What is it? Application scanning will verify the applications you've installed on your website...