Cross-site scripting and Spyware

**Cruzz** · 17-11-2009

Hi,
Today people are mostly depend internet for use. The tool is now used for many purposes. So it is natural that new security threats are too rising with it. Lets take a example that I have a e-commerce. The site deals in money transaction everyday. But how can we determine that the site is genuine and users are safe to surf it. Recently in a mail a friend discussed about Cross-site scripting. I am looking for a better explanation on this. And the second most annoying issue on the internet is a virus. Like spywares. These are most annoying creature online.

**Big Fish** · 17-11-2009

The implementation of Cross-site scripting does not means a site but a security features which is directly linked to the Internet security vulnerabilities of a site. The working principle of this is to find a site that provides the proper security hole. For this, you can try to claim non-existent page on a site by adding the URL of HTML formatting. Then see if these HTML tags placed in the URL are interpreted in the server response. If so the server has provided the security hole.

**Shen** · 17-11-2009

When a hacker, locates a site targeted by him, then the first thing he does is send an email to his victims. The mail written in HTML include a link with HTML code to be interpreted by the server when attempting to open the page. What is disturbing is that the HTML added to the URL can contain JavaScript. By this the hacker can retrieve information about the victim's PC. The solution is to secure the server by ensuring that the URL address that will rid of html tags.

**Steve123** · 17-11-2009

Spyware is a malicious application. Unlike a virus, its primary purpose is not to damage a machine and its software, but to collect data and other information about users of a computer. The purpose of data collection is marketing, or even statistics, but sometimes it can be much more dangerous, such as trying to recover much more sensitive information like account numbers, credit card or identifiers and passwords. It is generally focus on the analysis and retrieval of connection information to Internet sites (pages visited, number of connections, search keywords ...) or on the recovery of all or part of what is seized on the keyboard by the user.