Saturday, April 01, 2006

Microsoft Anti-Cross Site Scripting Library

Microsoft has recently released an Anti-Cross Site Scripting Library to help prevent cross site scripting attacks. To download the Anti-Cross Site Scripting Library, go to http://www.microsoft.com/downloads/details.aspx?familyid=9A2B9C92-7AD9-496C-9A89-AF08DE2E5982&displaylang=en

A Cross Site Scripting attack (XSS) occurs when a hacker inserts a link in an e-mail or web forum that appears to be legitimate (i.e. cnn.com, google.com). However, the link actually a malicious script code embedded in the URL. When the unsuspecting user clicks the link, the script is executed on the host web site. The script code maybe used to transfer cookies from the victim's PC to the hacker's machine. The cookies may contain user ID's, passwords, or possibly credit card information, all which can be used for illegal purposes. To read more about this security attack, visit http://msdn.microsoft.com/library/default.asp?url=/workshop/author/dhtml/httponly_cookies.asp

No comments: