Cross-site scripting attacks – the ability to inject unauthorized scripts into web applications – is pervasive, and even though developers have plenty of tools and technologies that can detect and fix XSS flaws, the attacks still keep coming.

Google’s latest developer tools, CSP Evaluator and CSP Mitigator, tackle the XSS problem from a different angle, by shoring up web application defenses to make it harder to execute those malicious scripts.

XSS is among the most common security threats plaguing web applications, and aren’t always the result of sloppy or lazy coding. Developers can avoid mistakes which lead to XSS with modern web technologies such as strict contextual auto-escaping or use automated scanners to catch vulnerabilities during testing.

To read this article in full or to leave a comment, please click here

Source: Security