Cross-site scripting (also known as XSS) is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. XSS vulnerabilities normally allow an attacker to masquerade as a victim user, to carry out any actions that the user is able to perform, and to access any of the user’s data. If the victim user has privileged access within the application, then the attacker might be able to gain full control over all of the application’s functionality and data.
Preventing cross-site scripting is trivial in some cases but can be much harder depending on the complexity of the application and the ways it handles user-controllable data. ASI’s antivirus application prevents XSS vulnerabilities through a combination of measures such as filtering input on arrival, encoding data on output, and using appropriate response headers so that browsers interpret responses in the intended way. As a last line of defense, the application uses an established Content Security Policy (CSP) to reduce the severity of any XSS vulnerabilities that still occur.
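The four layers named above, applied to a single HTML response, as an added Node.js example; it is not ASI's code. The field rule, the function names and the `/static/app.js` path are assumptions made for illustration.

```javascript
const { randomBytes } = require('node:crypto');

// 1. Filter on arrival: accept only what the field is meant to hold.
//    Assumed rule: display name of 1-40 letters, digits, spaces, '.', '_' or '-'.
function filterDisplayName(input) {
  const value = String(input).normalize('NFKC').trim();
  return /^[\p{L}\p{N} ._-]{1,40}$/u.test(value) ? value : null;
}

// 2. Encode on output: for HTML element content and quoted attribute values.
//    Other contexts (JavaScript, URLs, CSS) need their own encoders.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
function encodeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// 3. Response headers: declare the type and forbid MIME sniffing.
// 4. CSP: only scripts carrying this response's nonce may run.
function securityHeaders(contentType, nonce) {
  const headers = { 'Content-Type': contentType, 'X-Content-Type-Options': 'nosniff' };
  if (nonce) {
    headers['Content-Security-Policy'] =
      `default-src 'self'; script-src 'nonce-${nonce}'; object-src 'none'; base-uri 'none'`;
  }
  return headers;
}

// Free-text comments cannot be allow-listed, so they rely on output encoding.
function buildResponse(rawName, rawComment) {
  const name = filterDisplayName(rawName);
  if (name === null) {
    return { status: 400, headers: securityHeaders('text/plain; charset=utf-8'), body: 'Invalid display name' };
  }
  const nonce = randomBytes(16).toString('base64'); // fresh for every response
  const body =
    '<!doctype html><title>Profile</title>' +
    `<h1>${encodeHtml(name)}</h1><p>${encodeHtml(rawComment)}</p>` +
    `<script nonce="${nonce}" src="/static/app.js"></script>`; // hypothetical path
  return { status: 200, headers: securityHeaders('text/html; charset=utf-8', nonce), body };
}

// Constructed sample input.
console.log(buildResponse('Alice Smith', '<b>"hi"</b> & bye'));
```

If the comment were ever written into the page unencoded, the CSP would still block an injected inline script because it would lack the per-response nonce.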