Reflected XSS attempts on routes returning HTML
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。
Goal
Detect Reflected Cross-Site Scripting (XSS) attempts on web services returning HTML. Such security activity generally indicates that an attacker is trying to exploit a potential XSS vulnerability or steal sensitive data.
Strategy
Monitor reflected cross-site scripting attempts (@appsec.security_activity:attack_attempt.xss
) on services returning HTML (@http.response.headers.content-type:text\/html*
).
Excludes requests that use the HEAD
method (-@http.method:HEAD
) because they don’t return a body and are therefore not vulnerable.
Generate an Application Security Signal with LOW
severity.
Triage and response
- Consider blocking the attacking IP(s) temporarily to prevent them to reach deeper parts of your production systems.
- Investigate if the parameters are ending up in the HTML body without sanitization. If they do, fix the code.