What is DOM-based XSS?
A DOM-based cross-site scripting (XSS) attack happens when a threat actor manipulates the document object model (DOM) environment in the victim’s browser. The HTML returned by the server does not change; instead, the client-side code executes differently because the DOM it operates on has been altered. This type of attack is also sometimes referred to as “type-0 XSS.”
DOM-based XSS Sources
How does an attack work?
- The threat actor searches for and discovers a DOM-based XSS vulnerability on an organization’s website.
- The threat actor builds malicious code and embeds it in a URL that points at the vulnerable page.
- A customer or client of the organization clicks on the malicious URL.
- The victim’s browser sends a request to the organization’s vulnerable site.
- The organization’s web server responds with the requested web page, and the page’s own client-side code triggers the malicious script.
- The victim’s browser renders the web page with the malicious XSS script now executing.
How to test for DOM-based XSS
To manually test for this type of attack, software engineers or application security professionals need a browser with developer tools. When testing manually, developers or security staff must test each source individually. Fortunately, automated monitoring and inspection solutions speed up the process and quickly identify unauthorized DOM-based activity.
How do DOM-based XSS vulnerabilities happen?
How to prevent an attack
- Audit web assets: Inventory your web assets and know the type of data they hold. Look for vulnerable scripts and any signs of manipulation.
- Regularly scan the client side: Regularly conduct deep-dive analysis of client-side applications and software to reveal intrusions, behavioral anomalies, and unknown threats.
- Sanitize client-side code: Review the places where client-side code reads from and writes to DOM objects, and check that no untrusted data can be interpreted as code.
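The following is an added example, not code from the original article: it shows the source-to-sink pattern the testing and sanitization steps above refer to, a hardened form of the same page logic, and a small helper for the per-source manual check. It assumes the URL fragment (`location.hash`) is the source and `innerHTML` the sink, and uses a plain object in place of a real DOM element so it runs outside a browser.

```javascript
// Minimal stand-in for a DOM element so the block runs outside a browser
// (assumption: a plain object is enough to show which sink gets written).
function makeElement() {
  return { innerHTML: "", textContent: "" };
}

// Source -> sink without validation. The fragment never leaves the browser,
// so the server's HTML is unchanged and server-side filters never see it.
function renderGreetingUnsafe(el, hash) {
  const name = decodeURIComponent(hash.replace(/^#/, ""));
  el.innerHTML = "Hello, " + name; // any markup in `name` is parsed as HTML
  return el;
}

// Hardened: the same value goes through textContent, which browsers treat
// strictly as character data, never as markup.
function renderGreetingSafe(el, hash) {
  const name = decodeURIComponent(hash.replace(/^#/, ""));
  el.textContent = "Hello, " + name;
  return el;
}

// When HTML output is genuinely required, encode the significant characters
// before concatenating into an innerHTML sink.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

function renderGreetingEscaped(el, hash) {
  const name = decodeURIComponent(hash.replace(/^#/, ""));
  el.innerHTML = "Hello, " + escapeHtml(name);
  return el;
}

// Manual-test helper for the "test each source" step: does a fragment reach
// the innerHTML sink with its markup characters intact?
function fragmentReachesSinkUnescaped(hash) {
  return /[<>]/.test(renderGreetingUnsafe(makeElement(), hash).innerHTML);
}

// Constructed sample input: a URL fragment carrying harmless bold tags.
const SAMPLE_HASH = "#%3Cb%3EAda%3C%2Fb%3E"; // decodes to <b>Ada</b>
console.log(renderGreetingUnsafe(makeElement(), SAMPLE_HASH).innerHTML);  // Hello, <b>Ada</b>
console.log(renderGreetingEscaped(makeElement(), SAMPLE_HASH).innerHTML); // Hello, &lt;b&gt;Ada&lt;/b&gt;
```

In a real page the unsafe version lets the fragment's markup into the live DOM, while the textContent and escaped versions keep it as inert text; the helper reports which fragments would make it through unescaped.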