Cyber security has become an essential part of the digital world due to the rise in malicious attackers. Cyber security ensures the protection of data and systems from cyber attacks such as Denial of Service attacks, ransomware attacks and virus attacks. These attacks are possible because attackers find vulnerabilities in a system, network or piece of software. Many types of vulnerability can appear in any software or system if proper security measures are not taken, so here we compare two of the most common, XSS and SQL Injection, to understand each problem and its mitigation.
XSS (Cross-site scripting) is a web vulnerability that allows attackers to insert malicious JavaScript code into the web pages of a vulnerable website. Once the client-side script is injected, the attacker can perform many unethical tasks such as stealing cookies, changing default settings and showing various kinds of popups. With an XSS attack, an attacker can also change the content of the website to deface it or redirect users to other websites.
Mitigation Techniques
SQL Injection is an attack technique that uses SQL statements to interact with the database and make it behave abnormally. SQL statements can be injected through various inputs such as URLs, HTML form fields and cookies. An attacker can insert malicious statements into the input fields of a login form to query the database; if the injection succeeds, it can result in the compromise of the entire database with all of its sensitive information, such as usernames and passwords.
Mitigation Techniques
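To make the mitigation concrete for both the XSS and the SQL Injection sections above, here is an added example (not code from the original article) showing the vulnerable form of each next to its hardened form. The login functions run against a constructed in-memory SQLite table with a single sample user; `make_db`, `login_vulnerable`, `login_safe` and the two `render_greeting_*` helpers are names chosen for this example.

```python
import html
import sqlite3


def make_db():
    # Constructed sample data: one user in an in-memory database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # The query is built by string concatenation, so whatever the user
    # types into the login form becomes part of the SQL syntax itself.
    query = ("SELECT username FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    return conn.execute(query).fetchone() is not None


def login_safe(conn, username, password):
    # Parameterised query: the driver binds the values as data, so quotes
    # or keywords in the input can never change the query structure.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def render_greeting_vulnerable(name):
    # User input is copied straight into the HTML page: any tag or
    # script in the name is rendered and executed by the browser.
    return "<p>Hello, " + name + "</p>"


def render_greeting_safe(name):
    # Output encoding: <, >, &, and quotes are turned into HTML entities,
    # so the browser displays the text instead of interpreting it.
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


if __name__ == "__main__":
    db = make_db()
    tautology = "' OR '1'='1"  # classic tautology input used in most tutorials
    print("vulnerable login bypassed:", login_vulnerable(db, tautology, tautology))
    print("parameterised login bypassed:", login_safe(db, tautology, tautology))
    print(render_greeting_safe("<script>alert(1)</script>"))
```

The parameterised query rejects the tautology input because no user literally has that username, while the escaped greeting shows the script as text rather than running it.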
The following table summarises the differences between XSS and SQL Injection:
| Category | XSS | SQL Injection |
|---|---|---|
| Definition | A technique of injecting client-side JavaScript into users' browsers to compromise the website. | A code injection technique that uses SQL statements to query the database in an abnormal manner and obtain the information stored in it. |
| Vulnerability Percentage | According to OWASP reports, around 65% of websites are vulnerable to XSS attacks. | According to Invicti Security reports, around 32% of government websites are vulnerable to SQL Injection. |
| Practice Websites | Google XSS Game, alert(1) to win, prompt(1) to win, etc. are some websites for practising XSS. | hacksplaining.com, portswigger.net, acunetix, etc. are common websites for practising SQL Injection. |
| Vulnerable Object | All input fields and URLs. | URLs that interact with the database, cookies that store data, input fields, etc. |
| Language Used | JavaScript is used to write the attack scripts. | Structured Query Language is used to compromise the database. |
| First Attack | The first XSS attack happened in 1999, when attackers maliciously injected image tags. | The first SQL Injection attack was documented in 1998. |
| Rating | It is rated the third most dangerous vulnerability. | It is rated the second most powerful vulnerability. |
From the above comparison, we find that both vulnerabilities are high risk if found in any website or web application. Either can lead to the compromise of users' data along with sensitive information such as bank account or health details. Hence developers must understand these vulnerabilities and implement the techniques that mitigate the attacks.