A List Apart
"When doing research for the articles I found that many of Swedens most visited communities (Playahead, Snyggast) were vulnerable”
Community creators, secure your code! (Illustration av Kevin Cornell)
During spring 2006 I wrote a serie of articles for the very popular webbmagazine A List Apart. The two articles were about XSS – or cross site scripting – attacks and how to protect your site. This typ of attack can be very harmfull and when doing research for the articles I found that many of Swedens most visited communities (Playahead, Snyggast) were vulnerable.
XSS attacks – harmfull Javascript
During a XSS attack you trick the community into displaying harmfull Javascript, most often in your presentation or in a comment. When the user enteres the JavaScript executes a series of commands of the attackers choice ranging from writing in automaticly in a guestbook to deleting the account. You can mimick almost any user command except those requiring a password.
» Read more about XSS and how to protect your site in part one and part two on A List Apart.
