Cascading Style Sheets (CSS) is a method of adding styles, such as fonts and colors, to a website.
CSS files can be internal or external. Internal CSS is hosted on your own website while external CSS is hosted somewhere else, not present on your website. In both cases, you insert a link to this file within the HTML code.
To protect the web application from possible attacks, it is important not to load and use untrusted CSS files. Additionally, if you load a CSS file over an HTTP connection, using clear text, it can be dangerous.
These files can act as an attack vector. Attackers can use CSS to add some malicious code into a webpage’s HTML and enable it to run within the content of a website. For instance, cybercriminals can extract data from a server by using CSS selectors.
Once the scan is completed, all CSS files are listed under the CSS Files node in the Knowledge Base, highlighted in red and bold. You can access the same information in the Knowledge Base Report and Knowledge Base Tab.
Invicti forms Knowledge Base Nodes on its findings. If the CSS Files node is not listed, it means that Invicti did not find any.
For further information, see Knowledge Base Nodes.
How to View the CSS Files Node in Invicti Enterprise
- Log in to Invicti Enterprise.
- From the main menu, click Scans, then Recent Scans. The Recent Scans window is displayed.
- Next to the relevant website, click Report.
- From the Technical Report section, click the Knowledge Base tab.
- Click the CSS Files node. The information is displayed in a CSS Files tab.
How to View the CSS Files Node in Invicti Standard
- Open Invicti Standard
- Start a Scan or open a previously saved scan.
- The Knowledge Base is displayed on the right of the Scan Summary Dashboard. (If it is hidden, display it again using the Knowledge Base icon on the View tab on the ribbon. Alternatively, click the Reset Layout icon on the View tab, then close the Activity/Progress/Logs panes to give maximum viewing space.)
- Ensure that the Knowledge Base Viewer is also displayed. (If it is hidden, you can display it again using the Knowledge Base Viewer button on the View tab. You may also want to close the Activity/Progress/Logs panes.)
- Click the CSS Files node in the Knowledge Base. All detected CSS Files are displayed in the Knowledge Base Viewer.