6 Browser vulnerabilities
In this chapter
- How to protect against cross-site scripting
- How to protect against cross-site request forgery
- How to stop your website from being used in a clickjacking attack
- How to prevent cross-site script inclusion vulnerabilities
Security-wise, the internet has been a huge mistake. Before we decided to plug all the world’s computers into one giant network, it used to take true ingenuity to spread malicious software. To be infected by a computer virus, you had to insert a floppy disk or connect to a company network that was already infected.
Nowadays, devices are so keen to connect to the internet that computers with no network interfaces are novelties. Such air-gapped devices are sometimes used for highly secure military or life-critical systems. (Here’s a fun aside: when forensic investigators seize computers as part of an investigation, they immediately put them in Faraday bags, which are lined with aluminum foil to prevent the seized devices from making wireless connections.)
Given the always-connected status of most computing devices, today’s operating systems are designed to be cautious about what code they execute. They tend to refuse incoming network connections from untrusted sources, making it quite difficult for an attacker to gain direct access to a computer.