In cross-site scripting (XSS) attacks, attackers place malicious scripts on a website that contains instructions directing a web browser to access a second site. In this video, learn how attackers wage cross-site scripting attacks and the ways that security professionals may defend against these attacks on their websites.
- [Narrator] Cross-site scripting attacks…are one of the most dangerous web-based attacks…on the internet today.…They're easily executed by attackers…and can take place without the knowledge of the victim.…Cross-site scripting attacks,…commonly abbreviated as XSS attacks,…occur when an attacker embeds malicious code…in a third-party website…that then runs within the web browsers…of other visitors to that site.…Let's take a look at how they work.…As you may know, webpages are made using HTML code.…
HTML is a markup language that allows webpages…to have all sorts of advanced functionality…other than just displaying plain text.…HTML authors can add different fonts, include images,…link to other sites and even include small programs…called scripts that run in the browsers…of visitors to the site.…HTML uses the concept of tags…to perform all of these actions.…For example, the b tag formats bold text.…
The i tag formats italicized text.…And the a tag is used to include hyperlinks in a webpage.…When you're including a tag in a webpage,…
Members who take all eight courses in the series will be prepared to take and pass the CISSP exam. Find the companion study books at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
- Understanding security and evaluation models
- Cloud computing and virtualization
- Securing hardware
- Client and server vulnerabilities
- Web security vulnerabilities
- Securing mobile and smart devices
- Understanding encryption
- Key management and public key infrastructure
- Physical security
Skill Level Advanced
1. Security Engineering
2. Cloud Computing and Virtualization
3. Hardware Security
4. Client and Server Vulnerabilities
5. Web Security
6. Mobile Security
7. Smart Device Security
9. Symmetric Cryptography
10. Asymmetric Cryptography
11. Key Management
12. Public Key Infrastructure
13. Cryptanalytic Attacks
14. Physical Security
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.