A Practical Guide to XSS Defense

Cross site scripting (known as XSS) is the tool of choice for bad actors who want to hack your website. This book is the tool of choice for savvy developers who want to block cross site scripting attacks.

If you are a web developer, cross site scripting should be on your radar. You should know why it is a problem. You should know how it works. And you should know what you can do to secure your site from attack. This book checks all of those boxes.

About This Book

Cross Site Scripting: XSS Defense Made Easy is a practical guide for protecting your site and your site visitors from malicious cross site scripting attacks.

Topics are explained in clear, easy-to-understand language. Key points are reinforced with real-world examples. And code is provided so you can see exactly how everything works.

What You Will Learn

This book is your step-by-step guide to mounting a multi-pronged defense against cross site scripting. The book focuses on three topics:

  • Cross site scripting. How malicious hackers exploit website vulnerabilities to mount cross site scripting attacks.
  • Server-Side Defense. How savvy developers leverage the .NET framework to resist cross site scripting on the server.
  • Client-Side Defense. How you can use simple JavaScript to resist cross site scripting on the client.

You’ll learn how your website can be attacked, and you’ll learn best practices for defending it.

Frequently Asked Questions

  • I've never heard of cross site scripting. Is it really a problem?

    Yes! In 2017, the Open Web Application Security Project (OWASP) identified cross site scripting as the second most prevalent security risk in its list of top ten risks. OWASP estimated that two thirds of all web applications are vulnerable to attack via cross site scripting.

  • Why should I care?

    Using cross site scripting, a person with bad intentions can wreak havoc on website visitors. He can access cookies, read sensitive data, log keystrokes, install malware, or redirect users to malicious sites.

    Cross site scripting does not just affect site visitors; it affects site owners as well. Attackers can use cross site scripting to rewrite the content of web pages. And if that weren’t bad enough, a site that is vulnerable to cross site scripting may be publicly identified as a security risk, which can result in Google penalties, lower SERP rankings, and lost revenue. Ouch!

  • Why this book?

    There is nothing hard about securing your site against XSS attack. But there are a few moving parts. This book focuses on the most important parts, so you can quickly acquire the skills you need to protect your site and your site visitors.

  • Who is this book for?

    This book is for novice to intermediate web developers, particularly those who use ASP.NET Web Forms to build websites. The book assumes beginner-level familiarity with HTML, JavaScript, and a server-side coding language, like Visual Basic .NET.

  • Can I download source code?

    Yes. For source code, visit this site’s Downloads page. You can download source code for all of the examples from the book.

  • Who is writing this book?

    Hi, I’m Harvey Berman. I have a bachelor’s degree in Industrial Engineering and a PhD in Psychology, both from Georgia Tech.

    In 2005, I built Stat Trek, an educational website developed to help people teach themselves statistics. In my spare time, I play golf and bridge – both poorly.

Table of Contents

Introduction

Cross Site Scripting

Malicious Code

General XSS Defense

Server-Side XSS Defense

Client-Side XSS Defense

XSS Case Study

XSS Crash Tests

Final Thoughts

Appendix A. Source Code

Appendix B. How to Disable Request Validation

Appendix C. XSS-Defender

Buy Now!

Is the book free? No! Of course, it’s not free.

But you can download a free sample of the book in Kindle format at Amazon.com. If you like what you see in the sample, the whole book only costs $8.99.