Recently, Brian Krebs of the Washington Post reported that thousands of insecure websites were identified last year, many of which contained cross-site scripting (XSS) vulnerabilities. The stunning revelation in this report is the sheer number of websites that harbor XSS vulnerabilities.
“Xssed.com lists nearly 13,000 Web pages that hosted cross-site scripting vulnerabilities, including a large number at trusted and high-traffic Web sites such as yahoo.com, google.com, msn.com, myspace.com and facebook.com, and cnn.com.”
Cross-site scripting vulnerabilities can be used to execute sophisticated phishing attacks, so they represent a significant threat to many internet users, including casual and social surfers. Further compounding the problem, only 3% of the 13,000 recorded web pages harboring cross-site scripting vulnerabilities were fixed last year, according to reports from Symantec.
As more and more malicious hackers exploit cross-site scripting vulnerabilities, tens of thousands of websites could be used to prey on millions of internet users.
In fact, as hackers have become adept at cross-site scripting (XSS) exploitation, they have deployed web-based worms against social networks like Twitter. These worms may not have caused significant damage yet, but users still run the risk of being lured into downloading malicious programs masquerading as a fun plug-in or anti-virus software.
At FireHost, we take the threat of cross-site scripting (XSS) exploitation very seriously. As part of our industry-leading secure web hosting environment, we use sophisticated, enterprise application firewalls to help prevent hackers from exploiting web applications to execute cross-site scripting attacks.
Start protecting your website, business, and customers by discovering the difference in FireHost’s unrivaled security. Visit FireHost.com and contact a FireHost Agent today.
This entry was posted on Friday, June 5th, 2009 at 9:00 am and is filed under Security.