How do you perform on a test that checks your vulnerability to a cross-site scripting attack and malicious code injection?

How are we testing?:

This test visits a Zscaler CDN website that simulates a compromise by malicious code and checks to see if it would have been able to compromise your web browser.

Why is this test important?:

Cross-site scripting (XSS) attacks inject malicious code into an otherwise legitimate site. An XSS attack can steal web visitors' credentials and session keys (e.g. passwords and other sensitive data) and tarnish the reputation of the compromised website.

Take our security preview now

Cross-Site Scripting Attacks - a Perennial Problem

Cross site scripting attacks can compromise major websites like Twitter, Facebook and YouTube. These attacks are such a perennial problem that they consistently rank in the Top 10 vulnerabilities as identified by the Open Web Application Security Project (OWASP).Source

In the News:

WordPress REST API Bug Could Be Used in Stored XSS Attacks - Threatpost

14 Mar 2017
The recently patched WordPress REST API Endpoint vulnerability is the gift that keeps on giving. Already responsible for more than one million website defacements and attempts to monetize some of those attacks, the flaw also opens the door to a ...

Inside the Mind of a Hacker: Attacking Web Pages With Cross-Site Scripting - Security Intelligence (blog)

13 Mar 2017
Besides infections on social networking sites, XSS has been used for financial gain, most notably in attacks against e-commerce giant eBay. Cybercriminals injected malicious scripts into several listings for cheap iPhones. The scripts sent users to a ...

What should enterprises know about how a stored XSS exploit works? - TechTarget

03 Mar 2017
Cross-site scripting, or XSS, is a web application attack that attempts to inject malicious code into a vulnerable application. The application isn't at risk during this attack; XSS' main purpose is to exploit the account or user attempting to use the ...

More »