The explosive growth of Internet commerce in a little more than a decade has transformed the way we do business. But the rise of e-commerce has generated a concurrent surge of Internet crime into a multi-billion-a-year industry, as criminals follow the money, the countless potential online victims and the vulnerability of web applications to easy exploitation.
Cross-site scripting (XSS) attacks are perhaps the most widespread of Web exploits preying on businesses and consumers. The flaws are relatively easy to find and easy to remediate, yet XSS remains a highly dangerous and, arguably, the most widespread of Web application attacks.
There’s no reason that the advance of cross-site scripting attacks can’t be stemmed and reversed, starting in 2011. Forward-thinking organizations have begun baking security into their software development lifecycles and procurement programs. An independent verification of security quality of applications they build, buy and outsource is becoming an integral part of an organizations risk management strategy. Automated testing of compiled code, available as a SaaS offering, is proficient at detecting XSS flaws, evaluating the business risk they pose, and providing help with remediation.
Application development and application security teams and practitioners can, in fact, begin automated testing and detection of XSS vulnerabilities immediately, using a Free Service from Veracode. In this white paper, you’ll learn more about the cross-site scripting threat, how automated code testing can help detect and remediate it, and the free service that will help energize your application security program.