XSS is the most prevalent web application security flaw. XSS flaws occur when an application includes user supplied data in a page sent to the browser without properly validating or escaping that content. There are three known types of XSS flaws: 1) Stored, 2) Reflected, and 3) DOM based XSS. Detection of most XSS flaws is fairly easy via testing or code analysis.
Technical Specifications
- Technical specifications
- WASC TC v2.0 Classes Coverage
- WASC TC v1.0 Classes Coverage
- OWASP Top Ten 2013 Coverage
- OWASP Top Ten 2010 Coverage
- OWASP Top Ten 2007 Coverage
- OWASP Top Ten 2004 Coverage
- 2011 CWE/SANS Top 25 Coverage
- 2010 CWE/SANS Top 25 Coverage
- 2009 CWE/SANS Top 25 Coverage
- The Health Insurance Portability and Accountability Act (HIPAA)
- Payment Card Industry Data Security Standard (PCI DSS)
- NIST Special Publication 800-53
- Sarbanes-Oxley Act (SOX)
- DISA Security Technical Implementation Guide (STIG)
- ISO/IEC 27001:2005 Coverage
- ISO/IEC 27001:2013 Coverage
OWASP Top 10 2013 Contents
- OWASP Top Ten 2013
- Injection
- Broken Authentication and Session Management
- Cross-Site Scripting, XSS
- Insecure Direct Object References
- Security Misconfiguration
- Sensitive Data Exposure
- Missing Function Level Access Control
- Cross-Site Request Forgery, CSRF
- Using Components with Known Vulnerabilities
- Unvalidated Redirects and Forwards