In cross-site scripting (XSS) attacks, attackers place malicious scripts on a website that contain instructions directing a web browser to access a second site. In this video, learn how attackers wage XSS attacks and the ways that security professionals may defend against these attacks on their websites.
- [Instructor] Let's now turn our attention to a variety of attacks focused on web applications. Almost every business runs web applications these days, and those applications often store, process, and transmit sensitive information. These web applications sometimes serve the public, so firewalls and other security devices are configured to allow access to them from the internet. If web applications aren't written with sound security practices in mind, they can present a major vulnerability to the organization. Let's take a look at one such vulnerability, the cross-site scripting attack, often abbreviated as XSS.
In a cross-site scripting attack, the attacker places a malicious script on a site that contains instructions directing a web browser to access a second site. Then the attacker waits. When a victim visits the site, the victim's browser unknowingly downloads and runs the code that attempts to access the second site. If the victim is already logged in to the second site, the attacker's code can perform actions…
This course, along with the others in this nine-part series, prepares you for the CISSP exam and provides you with a solid foundation for a career in information security.
Find the companion study books at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
- Software development methodologies
- Operation, maintenance, and change management
- Cross-site scripting
- Preventing SQL injection
- Overflow attacks
- Malicious add-ons
- Secure coding practices
- Code signing
- Risk analysis and mitigation
- Software testing
- Acquired software