Cross-Side Scripting Demystified

What is cross-side scripting? It’s time to define this often-misused term to help the community understand the practice and risks associated with cross-side scripting:

Cross-side scripting (XSS) is the practice of writing across the side of an object.

It really is that deceptively simple. The side can belong to any object, such as paper, computer monitor, Rubik’s Cube, truck and house. Purists insist that XSS writing be placed diagonally across the object’s side. However, modern XSS practices often incorporate writing that is horizontal with respect to the object’s X-axis.

Some of the risks of cross-side scripting include:

  • Defacement of the object’s surface without the owner’s consent. In this respect, XSS is sometimes compared to graffiti.
  • Wear and tear of the writing instrument, particularly when XSS takes place without regard for the instrument’s durability specifications
  • Gradual strain injury of the person engaged in frequent XSS practices. (Similar to repetitive strain injury.)

The most effective way of resisting cross-side scripting attacks involves avoiding the use of objects that have sides—for instance, employing a spherical structure in the building’s architecture instead of a parallelepiped. Another risk mitigation strategy involves coating the object’s sides with writing-resistant materials, such as those that follow the ASTM D6578 – 08 standard.

Cross-side scripting is sometimes confused with of cross-eyed scripting and cross-site scripting. The description of these terms is outside the scope of this note.

If you found this cross-side scripting definition useful, you might also like my 10-Step Guide to Hacking Logs.

Lenny Zeltser

Updated

About the Author

Lenny Zeltser is a seasoned business and technology leader with extensive information security experience. He builds innovative endpoint defense solutions as VP of Products at Minerva Labs. He also trains incident response and digital forensics professionals at SANS Institute. Lenny frequently speaks at industry events, writes articles and has co-authored books. He has earned the prestigious GIAC Security Expert designation, has an MBA from MIT Sloan and a Computer Science degree from the University of Pennsylvania.

Learn more