Cross-site scripting is when attackers are able to add JavaScript code to your webpages that your site will run when other users visit.
- A cross-site scripting attack occurs … when an attacker injects code, … primarily HTLM and JavaScript into your webpages, … so that other users browsers will execute it. … It gets it's name because an attacker sends scripts … across your website to someone else's browser. … Cross-site scripting becomes possible … when webpages output user supplied data … in the HTML response without sanitizing the data first. … Cross-site scripting, often abbreviated as XSS, … is ranked as one of the top 10 security threats … and is the most common web application security flaw. … There are three types of cross-site scripting; … reflected, stored, and DOM-based. … Reflected attacks are the most common type. … Let's look closer at them … because they will help us to understand … all three types. … In a reflected XSS attack, an attacker puts JavaScript code … to be run in a URL string or in the form data … sent with the request. … When the page loads, the script runs immediately, … in the victim's browser. …
Author
Kevin Skoglund
Released
5/3/2019- Threat models
- Least privilege
- Defense in depth
- Validating and sanitizing input
- Credential attacks
- SQL injection
- Cross-site scripting
Skill Level Beginner
Duration
Views
-
Introduction
-
1. Security Overview
-
What is security?3m 12s
-
Why security matters2m 14s
-
What is a hacker?4m 10s
-
Threat models3m 14s
-
-
2. General Security Principles
-
Least privilege3m 55s
-
Simple is more secure2m 49s
-
Never trust users3m 15s
-
Expect the unexpected2m 20s
-
Defense in depth3m 58s
-
Security through obscurity4m 30s
-
Deny lists and allow lists3m 14s
-
-
3. Filter Input, Control Output
-
Regulate requests3m 46s
-
Validate input3m 54s
-
Sanitize data6m 29s
-
Label variables1m 22s
-
Keep code private2m 27s
-
Keep credentials private4m 36s
-
Keep error messages vague2m 17s
-
Smart logging3m 18s
-
-
4. The Most Common Attacks
-
Types of credential attacks5m 18s
-
Strong passwords4m 24s
-
SQL injection7m 31s
-
Cross-site scripting (XSS)6m 34s
-
Cookie visibility and theft4m 52s
-
Session hijacking5m 32s
-
Session fixation3m 25s
-
Remote code execution2m 19s
-
File upload abuse3m 13s
-
Denial of service5m 19s
-
-
Conclusion
-
Next steps2m 26s
-
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.
Share this video
Embed this video
Video: Cross-site scripting (XSS)