From the course: ASP.NET: Security
Cross-site scripting (XSS): The attack
- [Voiceover] One of the most common and most dangerous attacks against web applications these days is cross-site scripting. The term cross-site scripting is a little bit unfortunate. It was coined, if I remember correctly, by Microsoft engineers, but what they really meant instead of cross-site scripting is rather something like JavaScript injection and maybe, with some attack vectors, HTML injection. And this is one way of how cross-site scripting might work. So the client sends an HTTP request to the server and sends some JavaScript code along with it, sometimes on purpose, but sometimes just by clicking on a malicious link that was sent via, let's say, email. And as you've just seen, the server then bounces back that piece of JavaScript, and that JavaScript code then runs in the security context of the current website. That's one of the most common forms of cross-site scripting. Cross-site scripting is super dangerous, and it's also possible in our online shop. Before we have an actual look at…
Contents
- OWASP Top 10 (3m 36s)
- Cross-site scripting (XSS): The attack (5m 10s)
- Cross-site scripting (XSS): The defense (4m 18s)
- Cross-site scripting (XSS) in JavaScript (5m 19s)
- Same-origin policy and CORS (5m 12s)
- Enabling CORS in ASP.NET Web API (6m 20s)
- SQL injection with ADO.NET (3m 56s)
- SQL injection with Entity Framework (3m 32s)
- Fixing SQL injection (4m 27s)
- Cross-Site Request Forgery (CSRF) (4m 40s)
- Defending against CSRF (4m 24s)