

What is reflected cross-site scripting in SAP BC-SEC - Security?


SAP Term: reflected cross-site scripting

  • Component: BC-SEC

  • Component Name: Security

  • Description: A type of cross-site scripting attack in which the Web application embeds content received from the HTTP request in its HTTP response. Exploitation succeeds when the attacker tricks the victim into sending an altered HTTP request. For example, the attacker can send the victim a malicious link or include a hidden iframe on a vulnerable Web site. The attack has succeeded as soon as the victim clicks the link and the server returns its response. In contrast to stored cross-site scripting, this content is never stored and the attack targets individual users.
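
The reflection described above, shown as an added example (not SAP code and not part of the original glossary entry): a handler that embeds a request parameter verbatim, the same handler with HTML output encoding, and a regression check that sends a harmless markup probe. The page template, the `q` parameter, the `app.example` URL and all function names are assumptions made for illustration.

```python
import html
from urllib.parse import parse_qs, quote, urlsplit

# Constructed page template; {term} is where request content lands in the response.
PAGE = "<html><body><p>Results for: {term}</p></body></html>"


def _query_term(url: str) -> str:
    """Extract the (percent-decoded) 'q' parameter from the request URL."""
    return parse_qs(urlsplit(url).query).get("q", [""])[0]


def render_vulnerable(url: str) -> str:
    """Embeds request content in the response verbatim: the reflected-XSS flaw."""
    return PAGE.format(term=_query_term(url))


def render_hardened(url: str) -> str:
    """Same page, with the value HTML-encoded for the element-content context."""
    return PAGE.format(term=html.escape(_query_term(url), quote=True))


def reflects_markup(render, probe: str = "<b id=xss-probe>") -> bool:
    """Regression check: does a harmless markup probe come back unencoded?

    If the probe survives intact, the browser would parse request-supplied
    text as markup, which is the precondition for reflected XSS.
    """
    body = render("https://app.example/search?q=" + quote(probe))
    return probe in body


if __name__ == "__main__":
    for name, fn in (("vulnerable", render_vulnerable), ("hardened", render_hardened)):
        print(f"{name}: reflects markup = {reflects_markup(fn)}")
```

Encoding has to match the output context: `html.escape` covers element content and quoted attributes, but not values placed inside script blocks or URLs.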


Smart SAP Assistant

  • Key Concepts: 
    Reflected Cross-Site Scripting (XSS) is a type of security vulnerability in web applications that allows attackers to inject malicious code into web pages viewed by other users. This type of attack is often used to steal user data or hijack user sessions. In SAP, reflected XSS is addressed by the BC-SEC Security component, which provides a secure environment for web applications. 
    
    How to use it: 
    The BC-SEC Security component provides a secure environment for web applications by preventing reflected XSS attacks. It does this by validating user input and sanitizing it before it is sent to the server. Additionally, the component can detect malicious code and block it from being executed. 
    
    Tips & Tricks: 
    When using the BC-SEC Security component, it is important to ensure that all user input is validated and sanitized before being sent to the server. Additionally, it is important to regularly monitor for malicious code and block any attempts to execute it. 
    
    Related Information: 
    For more information on reflected XSS and how to prevent it, please refer to the SAP Security Guide. Additionally, the OWASP Top 10 list provides a comprehensive list of security vulnerabilities and how to address them.