XSS Conclusion - EGroupware/egroupware GitHub Wiki

Wiki ▸ [Developer Docs](Developer Docs) ▸ [Cross Site Scripting](Cross Site Scripting) ▸ XSS Conclusion

Section 4 - Conclusion.

By now I hope you all understand that Cross sight scripting is not as trivial a 'security' hole as it appears on the surface as all of the simple demos people post as examples.

Identifying Cross Sight Scripting is the easy part.

Foreseeing its possibilities and knowing how to use it to impact a user base is the hard part, and is the part that is not widely discussed.

With XSS so widely written about and so misunderstood alot of people have walked away with the false conclusion that it is an annoyance and not a threat.

The purpose of this paper is not to arm a hoard of script kiddies with a bunch of proven tricks, but is to try to instill a sense as its actual dangers and impacts with those who are in the position to do something about it.

As with all knowledge, it can be a double sided sword. As rfp's paper on Sql injection techniques brought out the dangers of Sql injection to the public I too hope that this paper may have a similar effect and raising awareness and helping people to limit their own (and their surfer populations) exposure.

You may not loose your server to XSS attacks, it may not DOS your network, but you may loose your users, and you may be the reason your clients lost their credit card numbers, fell victim to identity theft or had their accounts tampered with.

Wiki ▸ [Developer Docs](Developer Docs) ▸ [Cross Site Scripting](Cross Site Scripting) ▸ XSS Conclusion