Cross Site Scripting (or XSS) is one of the most common application-layer web attacks; it allows attackers to inject client-side script into web pages viewed by other users.
Use Case Requirements:
This information security standard for organizations provides security standards. It certifies security over cardholder information for the major debit, credit, prepaid, e-purse, ATM, and POS cards.
PCI (Payment Credit Interface) Compliance requires protection from XSS attacks. Any payment-related platform must ensure that its site cannot be attacked through Cross Site Scripting.
The PCI organization does not provide any specific tools that application developers can use to ensure that their application is free from XSS attacks.
The PCI organization conducts testing before providing the certificate, which is a bit costly ($2000).
Tool to test XSS vulnerability: Netsparker
Solution:
To avoid XSS vulnerabilities we can use the ESAPI (encoder) API.
Script passed in a request parameter should not be executed with the response. So we need to encode the request parameter with ESAPI before placing it in the response.
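The following is an added example, not code from the original post: it shows a handler that reflects a request parameter into the response unencoded (the reflected XSS the post warns about) beside a hardened handler that applies contextual output encoding before the value reaches the HTML body, an HTML attribute, and a JavaScript string. It uses only the Python standard library; the ESAPI encoder named in the post does the same job in Java, and the function names and the sample query string here are my own constructions.

```python
"""Reflected parameter: unencoded vs. contextually encoded output (added example)."""
import html
import json
from urllib.parse import parse_qs

# Constructed sample query string: the "q" parameter carries a script tag.
SAMPLE_QUERY = "q=%3Cscript%3Ealert(1)%3C%2Fscript%3E"
# The decoded payload, used only to check whether it survives into the output.
RAW_PAYLOAD = "<script>alert(1)</script>"


def param(query: str, name: str) -> str:
    """Return the first value of a query-string parameter, or '' if absent."""
    return parse_qs(query).get(name, [""])[0]


def render_vulnerable(query: str) -> str:
    """Echoes the parameter straight into the HTML body: reflected XSS."""
    q = param(query, "q")
    return f"<p>You searched for: {q}</p>"


def encode_for_html(value: str) -> str:
    """HTML text context: escape & < > " ' so markup in the value is inert."""
    return html.escape(value, quote=True)


def encode_for_html_attribute(value: str) -> str:
    """Quoted HTML attribute context: same escape set; the attribute must be
    wrapped in double quotes by the template for this to be sufficient."""
    return html.escape(value, quote=True)


def encode_for_js_string(value: str) -> str:
    """JavaScript string-literal context: json.dumps escapes quotes and
    backslashes; '<' and '>' are additionally escaped so a value such as
    '</script>' cannot terminate the enclosing <script> block."""
    return json.dumps(value).replace("<", "\\u003c").replace(">", "\\u003e")


def render_hardened(query: str) -> str:
    """Same page, with the parameter encoded for each context it lands in."""
    q = param(query, "q")
    return (
        f"<p>You searched for: {encode_for_html(q)}</p>\n"
        f'<input type="text" value="{encode_for_html_attribute(q)}">\n'
        f"<script>var lastQuery = {encode_for_js_string(q)};</script>"
    )


def payload_survives(markup: str) -> bool:
    """True if the raw script tag from the request is present verbatim in
    the response, i.e. it would execute in a browser."""
    return RAW_PAYLOAD in markup


if __name__ == "__main__":
    print("vulnerable :", payload_survives(render_vulnerable(SAMPLE_QUERY)))
    print("hardened   :", payload_survives(render_hardened(SAMPLE_QUERY)))
    print(render_hardened(SAMPLE_QUERY))
```

The point of keeping three encoders rather than one is that the safe escape set depends on where the value is inserted; encoding once "on input" with an HTML escaper, as the post's wording suggests, is not enough for a value that later ends up inside a script block or an unquoted attribute. Encode at the point of output, per context.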
Could you please provide details.