Search Our Knowledge Base
What is Reflected XSS?
Reflected XSS is a kind of cross-site scripting attack, where malicious script is injected into websites that are trusted or otherwise benign. Typically, the injection occurs when an unsuspecting user clicks on a link that is specifically designed to attack the website they are visiting. For example, on websites that rely on user-generated content like forums or comment sections, attackers may post malicious code that infects anyone who views it or clicks on it.
While these attacks are among the most frequent risks to application security, reflected XSS and cross site scripting prevention is rather simple when enterprises have the right tools.
Stopping reflected XSS attacks with Veracode
As a global leader in application security testing solutions, Veracode provides a platform of cloud-based services for finding and fixing flaws such as reflected XSS vulnerabilities or Java SQL injection in applications you build, buy and assemble.
As a SaaS-based solution, Veracode provides application testing services on demand, enabling you to avoid capital expenditure for on-premise hardware and software. Code can be submitted via an online platform, with results returned within a matter of hours. That means development teams can easily integrate testing for reflected XSS vulnerabilities and other flaws into the software development lifecycle (SDLC). Veracode’s solutions also provide testing for third-party applications, open source components and web applications and websites that are already operational.
Download Veracode’s XSS Cheat Sheet, a summary of everything you need to know about reflected XSS vulnerabilities and other cross site scripting attacks.
Veracode services for finding reflected XSS vulnerabilities
Veracode offers comprehensive services that can help organizations meet web application security standards. These include:
- Static Analysis services that scan binaries to find and fix flaws.
- Veracode Static Analysis IDE Scan, a tool that provides application security feedback to developers as they write code.
- Software Composition Analysis for identifying flaws like reflected XSS in open source components.
- Vendor Application Security Testing for evaluating security risks in third-party applications.
- Web Application Scanning that can identify vulnerabilities in all public-facing web sites and applications.
Learn more about avoiding a reflected XSS attack with Veracode, and about Veracode’s solutions for DevSecOps and for a CSRF token.