Security Guide

JAVA Secure Development Guide

Section 1. Input Data Validation and Representation 1. Cross-Site Scripting (XSS) A. Definition When unvalidated external input is used to generate dynamic web pages, malicious scripts may be executed with the privileges of the user viewing the page. This can result in damage such as the leakage of sensitive information. B. Secure Coding […]

ASP.NET Development Secure Guide

SQL Injection Vulnerability Vulnerability Details and Security Countermeasures Websites interface with DBMS, and data transactions occur through user input values in web applications. If validity verification for user input is omitted, a malicious user can transmit manipulated inputs containing SQL query statements instead of normal values to alter the structure of the server-side query. Through

JSP Secure Development Guide

Section 1. Security Countermeasures 1. Script Injection Vulnerability A. Vulnerability Details and Security Countermeasures This vulnerability refers to attacks in which client-side scripts (such as JavaScript or VBScript) are made to execute in another user’s web browser, taking control of that browser in order to attack the PC. These attacks can be largely classified

Ajax Secure Development Guide

Section 1. Ajax Vulnerabilities and Countermeasures Ajax (Asynchronous JavaScript and XML) is a web application development method that uses asynchronous JavaScript to exchange XML data with a web server via the HTTP protocol. Unlike traditional web models, it allows web pages to be updated dynamically without decreasing response speeds. Ajax is not a single technology

HTML5 Security Development Guide

1. Local Storage Security A. Definition HTML5 provides a new API called postMessage. This is a framework for scripts to pass data from one domain to another. To ensure that such data requests are not hacking attempts, postMessage includes an object property that allows developers to perform an origin check on the data request. However,

Android Secure Development Guide

Section 1. Input Data Validation and Representation Accepting and using user input without proper validation exposes a system to numerous security threats. To prevent such vulnerabilities, it is recommended to code applications so that they only accept valid input data. In unavoidable cases, vulnerabilities should be eliminated by validating input values and allowing only verified