Cross-site scripting (XSS) flaws enable attackers to execute unauthorized scripts within the users' web browsers. In this video, learn how to test for XSS flaws.
- [Narrator] The seventh set of risks in the OWASP top 10 list are cross-site scripting flaws. When I consider cross-site scripting vulnerabilities, how the mighty have fallen. For years, cross-site scripting flaws and injection flaws battled one another for the number one spot. Injection flaws have remained at the top of the list, but cross-site scripting has drifted near the bottom due in part to the fact that many browsers now include cross-site scripting protection. Cross-site scripting is at its core an injection attack where the attacker injects a malicious script into the victim's web browser. That said, there are three distinct types of cross-site scripting flaws. Reflected cross-site scripting is perhaps the most common. These attacks involve hiding the attack inside the request that the user sends to the server. In stored cross-site scripting attacks, the attacker originates instead from the server. Attackers try to feed input into a persistent data store behind the application …
- Security frameworks
- OWASP Top Ten
- Building Security In Maturity Model (BSIMM)
- Planning your testing projects
- Creating security policies
- Source code reviews
- Application threat modeling
- Offline testing for OWASP Top Ten vulnerabilities
Skill Level Intermediate
What you should know (1m 17s)
1. Leading Practices
2. Security Documentation
3. Source Code Security Reviews
4. Offline Testing for the OWASP Top Ten (2017)
Next steps (3m 18s)