From the course: ASP.NET: Security

Unlock the full course today

Join today to access over 22,600 courses taught by industry experts or purchase this course individually.

Cross-site scripting (XSS): The attack

Cross-site scripting (XSS): The attack

From the course: ASP.NET: Security

Start my 1-month free trial

Cross-site scripting (XSS): The attack

- [Voiceover] One of the most common and most dangerous attacks against web applications these days is cross site scripting. The term cross site scripting is a little bit unfortunate it was coined if I remember correctly by Microsoft engineers but what they really meant instead of cross site scripting is rather something like JavaScript injection and maybe with some attack vectors, HTML injection and this is one way of how cross site scripting might work. So client sends an HTTP request to the server and sends some JavaScript code along with it sometimes on purpose but sometimes just by clicking on a malicious link that was sent via let's say email. and as you've just seen the server then bounces back that piece of JavaScript and that JavaScript code then runs in the security context of the current website that's one of the most common forms of cross site scripting. Cross site scripting is super dangerous and it's also possible in our online shop. Before we have an actual look at…

Contents