Spear Phishing and XSS
by Douglas Berdeaux
Cross-site scripting (XSS) is one of the most overlooked problems in information security and one of the easiest to introduce accidentally into our web applications and pages. The vulnerability can be found in almost every site. Spear phishing is a focused attack on a company that relies solely on building trust and on the disheartening fact that the human factor is usually the weakest link in IT security. Used together, they become a devastating attack vector that can thwart even the greatest security policies and measures at the biggest names in any industry.
Spear phishing attacks are especially effective when mixed with a good imagination and the right dedication. 2012 was the year of XSS for me in my research, and it was well played.
This article discusses the importance of securing web applications and identity information. It shows how the smallest vulnerability in a web application can lead to the largest breach of identity information. The author also gives security tips for database administration of CMS users and shows several web attack methods used by hackers who target your data.