ICT participants, students sensitized on XSS

A workshop has been held to sensitize web application developers, programmers and a host of technocrats in the Information Communication Technology (ICT) sector to the impact of Cross Site Scripting (XSS) and the action to take when one’s or a company’s website appears to be hacked.

Cross Site Scripting is a common attack that injects malicious code or script into a vulnerable web application. When successful, it could have devastating consequences for the reputation of an online business and damage the relationship it has with its clients.

One of the most problematic elements of cybersecurity has been the constantly evolving nature of security risks. The traditional approach has always been to focus resources on crucial system components and protect against the biggest known threats, which meant leaving components undefended and not protecting systems against less dangerous risks.

On most occasions, when institutions’ websites are hacked, the immediate measure taken is to resort to a backup. Most often this is done without taking the pains to find out how and why it happened. To deal with the current environment, advisory organizations are promoting a more proactive and adaptive approach.

Addressing the need to continuously create awareness and educate people on the impact of cyber threats against software and application security, the Open Web Application Security Project (OWASP), a non-governmental organisation (NGO), has been at the forefront of the effort to ensure people are made aware of the kind of links they log on to or click on.

Lead security researcher Adam Nurudini noted that the impact of an exploited XSS vulnerability varies from redirection and session hijacking to cross site request forgery and a host of others. He therefore entreated participants that the moment they visit a site and a notification pops up redirecting them to click on a link, they should be wary of the cyber threat it could pose to their security.

A cyber security expert and the Team Leader of the Ghana Chapter of OWASP, Mr Ash Dastmalchi, told the Goldstreet Business that the focus of the sensitization programme was to improve the security of software and make software security visible.

By Dundas Whigham