XSS and SQL injection attack Prevention

A problem that has come to light in recent times is the automatic defacement or modification of website data, and it is on the rise. This problem is known as a "cross-site scripting" (XSS) or "SQL injection" attack. These attacks are carried out by web users who scan your website with internet robots and obtain details about its code and server, such as the web server version, scripting language and database type. Malicious code, scripts and iframes that redirect to other sites containing viruses are then embedded automatically, for which the attackers do not need any access to the server. This type of infection is called "cross-site scripting"; it exploits vulnerabilities in the website (such as unfiltered input in a search, contact, login or any other type of submit page). No firewall, antivirus or antispyware can prevent this from happening. It can only be stopped by patching the code vulnerabilities in your website. You can find more information at the links below:

 

  1. http://www.acunetix.com

    Here you can learn more about these problems in detail and download a free vulnerability scanner, which you can use to scan your site, find those vulnerabilities and act accordingly.
  2. http://www.google.com/webmasters/

    Here you can log in to Google Webmaster Tools with any existing Gmail account to verify your website data.
  3. http://en.wikipedia.org/wiki/Cross-site_scripting
    http://en.wikipedia.org/wiki/Sql_injection

    Here you can get extensive knowledge on "cross-site scripting" and "SQL injection".
  4. http://www.virtualforge.de/vmovie.php

    You can download videos related to cross-site scripting attacks from this site.
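
The injected scripts and iframes described above can be searched for in a page's HTML. The following Python example is added here and is not part of the original article: it lists every `<script>` and `<iframe>` whose `src` points to a host outside your own site and marks iframes that are sized or styled to be invisible. The function names, the sample page and its host names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Heuristic for frames styled to be invisible to visitors.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)


class EmbedAuditor(HTMLParser):
    """Collects <script>/<iframe> tags that load content from other hosts."""

    def __init__(self, own_hosts):
        super().__init__()
        self.own_hosts = {h.lower() for h in own_hosts}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "iframe"):
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "").strip()).hostname or "").lower()
        if not host or host in self.own_hosts:
            return  # inline, relative or same-site source
        # Zero/one-pixel size or a hiding style marks an iframe as hidden.
        hidden = tag == "iframe" and bool(
            {a.get("width", "").strip(), a.get("height", "").strip()} & {"0", "1"}
            or HIDDEN_STYLE.search(a.get("style", "")))
        line, _ = self.getpos()  # position of the tag being handled
        self.findings.append((line, tag, host, hidden))


def audit_page(html_text, own_hosts):
    """Return (line, tag, host, hidden) for each off-site script or iframe."""
    auditor = EmbedAuditor(own_hosts)
    auditor.feed(html_text)
    auditor.close()
    return auditor.findings


# Constructed sample page; all hosts are reserved example/.invalid names.
SAMPLE_PAGE = """<html><body>
<script src="/js/menu.js"></script>
<script src="https://www.example.com/js/site.js"></script>
<iframe src="http://malware.invalid/in.php" width="0" height="0"></iframe>
<script src="//cdn.example.net/lib.js"></script>
</body></html>"""

if __name__ == "__main__":
    print(*audit_page(SAMPLE_PAGE, {"www.example.com"}), sep="\n")
```

Legitimate third-party hosts (a CDN, an analytics provider) are listed as well; add them to `own_hosts` after review so that only unexpected sources remain.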

 Please look out for scripts in your web pages like the one below:

 



Article ID: 83
Last updated: 09 May, 2011
Revision: 4
https://kb.diadem.in/xss-and-sql-injection-attack-prevention_83.html