Cross-site Scripting (XSS) is a client-side code injection attack in which an attacker can execute malicious scripts on a website. An attacker can use XSS to send a malicious script to any user. The end user's browser has no way to know whether the script should be trusted, so it executes the script.
Preventive steps to handle Cross-site Scripting:
- A Web Application Firewall (WAF) is the most commonly used solution for protection against XSS attacks.
- WAFs employ different methods to counter attack vectors.
- In line with industry best practices, Imperva Incapsula's web application firewall employs signature filtering to counter cross-site scripting attacks.
- Incapsula crowdsourcing technology automatically collects attack data from its network.
- Crowdsourcing also enables the use of an IP system that blocks repeat offenders, including botnet resources that can be re-used by multiple perpetrators.
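
The signature filtering and repeat-offender blocking described in the list above, sketched in Python as an added example; it is not Imperva Incapsula's implementation. The signatures, the `BLOCK_THRESHOLD` value, the `Filter` class and the sample requests are assumptions made for illustration.

```python
import re
from collections import Counter
from html import unescape
from urllib.parse import unquote_plus

# Illustrative signatures only (assumed); a production rule set is far larger.
SIGNATURES = [
    ("script-tag", re.compile(r"<\s*script\b", re.I)),
    ("event-handler", re.compile(r"<[^>]*\bon\w+\s*=", re.I)),
    ("javascript-uri", re.compile(r"javascript\s*:", re.I)),
]
BLOCK_THRESHOLD = 3  # assumed: signature hits before an IP is blocked outright
# Constructed sample traffic using documentation IP ranges, not real logs.
SAMPLE = [
    ("198.51.100.4", {"q": "waf signature tuning"}),
    ("203.0.113.7", {"q": "%3Cscript%3Ealert(1)%3C/script%3E"}),
]

def normalize(value, max_rounds=3):
    """Undo URL and HTML-entity encoding so encoded payloads still match."""
    for _ in range(max_rounds):
        decoded = unescape(unquote_plus(value))
        if decoded == value:
            break
        value = decoded
    return value

def match_signature(value):
    """Return the name of the first signature that matches, or None."""
    text = normalize(value)
    for name, pattern in SIGNATURES:
        if pattern.search(text):
            return name
    return None

class Filter:
    def __init__(self):
        self.hits = Counter()  # signature hits seen per source IP

    def inspect(self, ip, params):
        """Return (verdict, reason) for one request's parameters."""
        if self.hits[ip] >= BLOCK_THRESHOLD:
            return ("block", "repeat-offender")
        for value in params.values():
            name = match_signature(value)
            if name:
                self.hits[ip] += 1
                return ("block", name)
        return ("allow", None)
```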