Waf Charm

Cross Site Scripting for Beginners

【Table of contents】

  1. Overview
  2. What is AWS?
  3. What is cross-site scripting?
  4. Conclusion
  • 1. Overview

    Now that many SNSs have become common services, one of the threats to be aware of is the attack called "Cross Site Scripting (XSS)".
    Countermeasures against cross-site scripting have become a must for many web services, so it is necessary to know its name and characteristics going forward.
    Cross-site scripting can also be countered with AWS WAF, so if you already use AWS, you may want to consider it.
    Let's review the features of AWS again and take appropriate measures against cross-site scripting.

  • 2. What is AWS?

    AWS is a cloud computing service provided by Amazon.com, a leading e-commerce site.
    There are a number of systems that can accurately support your IT-related work, which can help you improve or streamline your existing work.
    In recent years, many industries have embraced IT systems, and cloud services such as AWS are in great demand.
    Even if you don't specialize in IT at the moment, you should check out specialized support services such as AWS because the trend of IT systems becoming more generalized is expected to accelerate in the future.

    With multiple services available, AWS can enrich every aspect of your business.
    For example, it can be used to provide storage for data and to ensure security for safe use of the web, so it can be used in a wide range of ways.
    AWS also offers other flexible services that take advantage of the cloud, so by applying them, you can reinforce the missing parts of your business.
    The use of AWS is well worth considering for the future.

    In addition, AWS offers a good return on investment, so it can be used at a low price.
    As of July 2017, it had reduced the price of its services more than 60 times, in some cases by more than 90%.
    Since companies are already using it on a global scale, we will continue to see the launch of new services and discounts on usage amounts.

    AWS is basically a pay-as-you-go system, so you only pay for what you use.
    This means that you don't have to spend money on extra capacity, so you can use each service while hedging your risk.
    If you're not sure how much you need to spend, or if you want to incorporate a service as cheaply as possible, AWS can be a strong ally.

    And AWS provides adequate support for threats like cross-site scripting.
    AWS is a good option if you are not able to take measures against vulnerabilities in your own services, or if you want to take measures while reducing the operational burden.

  • 3. What is cross-site scripting?

    Cross-site scripting is a type of cyber-attack that takes advantage of vulnerabilities in web applications.
    This type of attack, known as XSS, has recently become a major problem because it interferes with the safe use of the Internet and causes a lot of problems for users and providers of services.
    Cross-site scripting will be a major challenge for IT providers and one of the barriers to providing a healthy service.

    Cross-site scripting is characterized by the insertion of malicious scripts into functions that accept input in web applications, such as contact forms and bulletin boards.
    XSS was named because it cross-utilizes the vulnerable site and the attacker's site, and it is
    If you click on a link with a script added to it, you may be taken to another website that is not secure, shown a popup from it, and asked to enter information in a fake input form. These are typical examples of the problem.
    Rather than an attack directed at someone in particular, it poses a threat to all users of the service, sometimes causing significant damage.

    Leaving in place an environment where malicious scripts can be inserted could cause a lot of damage in the future.
    In other words, the cause of the growing damage from cross-site scripting is the presence of sites that have been left unaddressed.
    Companies that provide web content in which users can participate need to make cross-site scripting a priority.

    • a) Impact of cross-site scripting

      When a malicious cross-site scripting script is executed, it can have the following effects on users of the web content.

      ・ Unauthorized access using stolen cookie information, and session hijacking that impersonates an individual.
      ・ Redirection to input forms that misuse HTML tags, and collection of personal information.
      ・ Phishing scams that lead people to fake sites.

      When these attacks are carried out on a computer, they can lead to specific problems, such as the loss of personal information or infection with malware.
      As a web content manager, you should take action against cross-site scripting as soon as possible, as it can cause financial damage.

      One way to deal with cross-site scripting is to set limits on the values that can be entered into web content so that malicious scripts can't be entered in the first place.
      Validation that puts restrictions on character types and limits on the length of input values can eliminate room for cross-site scripting to some extent.
      You can also use sanitizing, which replaces special characters to neutralize them so that the script doesn't run.
      Replacing the script so that it is displayed as a plain string prevents a malicious third party from using the script as intended.
      However, this leaves the attack itself untouched, so the attack also needs to be blocked completely.
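
The validation and sanitizing steps described above, as an added example that is not part of the original article. The field names, limits and sample post are assumptions constructed for illustration.

```javascript
// Validation (character type + length limits) and sanitizing (replacing
// special characters) for a bulletin-board post.
// Field names and limits are hypothetical, chosen for this example.
const RULES = {
  // letters, digits and a few symbols only
  name: { max: 30, pattern: /^[\p{L}\p{N} _.-]+$/u },
  // free text, but no control characters other than tab/newline
  message: { max: 500, pattern: /^[^\u0000-\u0008\u000B\u000C\u000E-\u001F]*$/ },
};

// Validation: reject values that break the type or length limits.
function validate(field, value) {
  const rule = RULES[field];
  if (!rule) return { ok: false, reason: "unknown field" };
  if (typeof value !== "string" || value.length === 0) return { ok: false, reason: "empty" };
  if (value.length > rule.max) return { ok: false, reason: "too long" };
  if (!rule.pattern.test(value)) return { ok: false, reason: "invalid characters" };
  return { ok: true };
}

// Sanitizing: replace the characters HTML treats as markup, so the value
// is displayed as a plain string instead of being run as a script.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Render a post only after every field has passed validation, escaping on output.
function renderPost(post) {
  for (const field of Object.keys(RULES)) {
    const result = validate(field, post[field]);
    if (!result.ok) throw new Error(`${field}: ${result.reason}`);
  }
  return `<article><h3>${escapeHtml(post.name)}</h3><p>${escapeHtml(post.message)}</p></article>`;
}

// Constructed sample input: the message passes validation, so escaping is what
// keeps the markup from being interpreted.
const samplePost = { name: "Alice", message: 'Nice <script>alert(1)</script> & "thanks"' };
console.log(renderPost(samplePost));
```

The escaping shown here is for HTML text content only; values placed in attributes, URLs or inline scripts need escaping for that context.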

    • b) How to handle it in AWS?

      AWS WAF, provided by AWS, can help you combat cross-site scripting threats.
      AWS WAF is a web application firewall designed to protect applications accurately, and it provides the measures each piece of web content needs through various customization features and rule definitions.
      With AWS WAF, a wide range of threats, including cross-site scripting, can be dealt with, so if you want to secure your web content, it's an essential system to check.

      AWS WAF allows you to specify a filter for the cross-site scripting match condition to identify and inspect parts that may contain scripts.
      This filter can be added multiple times so you can find and respond to cross-site scripting in different patterns.
      You can deal with cross-site scripting by adding as many filters as you need.
      Since it's so easy to do, we recommend that you consider using AWS WAF for cross-site scripting as well.
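
How several filters in one match condition cover different request parts, as an added example that is not part of the original article or AWS code. The filter fields follow the AWS WAF Classic `XssMatchTuple` structure; the `SCRIPT_LIKE` pattern, helper names and sample requests are assumptions, and the matching is a simplified local model rather than AWS's detection logic.

```javascript
// Simplified local model of one XSS match condition holding several filters.
// SCRIPT_LIKE is a stand-in pattern (assumption), not what AWS WAF uses.
const TRANSFORMS = {
  NONE: (s) => s,
  LOWERCASE: (s) => s.toLowerCase(),
  URL_DECODE: (s) => {
    try { return decodeURIComponent(s.replace(/\+/g, " ")); } catch { return s; }
  },
  HTML_ENTITY_DECODE: (s) => s
    .replace(/&#(\d{1,6});/g, (_, n) => String.fromCodePoint(Number(n)))
    .replace(/&lt;/gi, "<").replace(/&gt;/gi, ">")
    .replace(/&quot;/gi, '"').replace(/&amp;/gi, "&"),
};
const SCRIPT_LIKE = /<\s*script\b|\bon\w+\s*=|javascript:/i;

// Pull out the part of the request that a filter inspects.
function partOf(request, field) {
  switch (field.Type) {
    case "URI": return request.uri || "";
    case "QUERY_STRING": return request.queryString || "";
    case "BODY": return request.body || "";
    case "HEADER": return (request.headers || {})[field.Data.toLowerCase()] || "";
    default: return "";
  }
}

// Return every filter that matches; the condition matches if any filter does.
function matchingFilters(request, filters) {
  return filters.filter((f) =>
    SCRIPT_LIKE.test(TRANSFORMS[f.TextTransformation](partOf(request, f.FieldToMatch))));
}

// One filter per request part to inspect, each with its own transformation.
const filters = [
  { FieldToMatch: { Type: "QUERY_STRING" }, TextTransformation: "URL_DECODE" },
  { FieldToMatch: { Type: "BODY" }, TextTransformation: "HTML_ENTITY_DECODE" },
  { FieldToMatch: { Type: "HEADER", Data: "Referer" }, TextTransformation: "URL_DECODE" },
];

// Constructed sample requests
const encodedQuery = { uri: "/search", queryString: "q=%3Cscript%3Ealert(1)%3C%2Fscript%3E" };
const entityBody = { uri: "/post", body: "comment=&lt;script&gt;alert(1)&lt;/script&gt;" };
const benign = { uri: "/search", queryString: "q=waf+pricing",
                 headers: { referer: "https://example.com/" } };
```

Each sample request is caught only by the filter that inspects the right part with the right transformation, which is why a match condition usually carries more than one filter.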

  • 4. Conclusion

    Cross-site scripting poses a threat to a lot of web content, so the right response will continue to be essential.
    Think about how to deal with cross-site scripting with AWS at the center, and take this opportunity to prepare a perfect security system.