In this video, learn how cross-site scripting, one of the most important OWASP Top Ten threats, works.
- [Narrator] Let's use Firefox on Hydra to take a look at the Scorpio website, which is partially under construction. We can see a slightly modified Apache default website page with a couple of functions built in that allow us to make and read the blog entry. Let's go make a blog entry. Okay, now let's read that. We got our nursery rhyme just as we expected.

Let's do that again. This time I'll include some active scripting in the blog. (typing) Okay, let's go back and read that now. When I visit the read page, the alert has been executed on my computer. This is because it has the active code embedded in it and when it's sent to the browser, it's executed as a normal website page would be.

Of course, as an attacker, what I would want to do is drop a script-infected blog onto the site and wait for an unsuspecting user to go along and pick it up. So the script has crossed from the server blog entry to the victim's browser. This is a simple cross-site scripting issue.
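The make/read behaviour the narrator demonstrates, modelled as an added example that is not code from the video or from the Scorpio site: a read page that echoes stored entries unchanged, next to one that output-encodes them. The function names, the in-memory store, the sample entries and the Content-Security-Policy value are all assumptions made for illustration.

```javascript
// Added illustration; every name here is hypothetical, not taken from the demo site.
const entries = []; // in-memory stand-in for the blog's storage

// "Make a blog entry": the text is stored exactly as submitted.
function makeEntry(text) {
  entries.push(text);
  return entries.length - 1;
}

// Vulnerable read page: the stored text is concatenated into the HTML
// unchanged, so markup in the entry becomes markup the browser parses.
function readPageUnsafe(id) {
  return `<html><body><h1>Blog</h1><p>${entries[id]}</p></body></html>`;
}

// Encode the characters that let text leave an HTML text or
// quoted-attribute context.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened read page: encode at render time, so entries already in
// storage are neutralised too, not only newly submitted ones.
function readPageSafe(id) {
  return `<html><body><h1>Blog</h1><p>${escapeHtml(entries[id])}</p></body></html>`;
}

// Defence in depth: with this policy the browser refuses inline
// <script> blocks even if an encoding step is missed somewhere.
function responseHeaders() {
  return {
    'Content-Type': 'text/html; charset=utf-8',
    'Content-Security-Policy': "default-src 'self'; script-src 'self'",
  };
}

// Simple check usable in a regression test for the read page.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample entries mirroring the two posts in the walkthrough.
const rhymeId = makeEntry('Mary had a little lamb');
const scriptedId = makeEntry('<script>alert(1)</script>');
```

Encoding belongs at output because the same stored entry may later be rendered in other contexts (an attribute, a JSON response) that need different encoding.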
- Hackers and the kill chain
- Viruses, spyware, and adware
- Detecting malware with Windows Defender
- Using Windows Firewall and Linux iptables
- Scanning with Nmap
- Monitoring network communications with Netcat
- Combating application-level threats
- Scanning a website to check for vulnerabilities
- Capturing intruders through packet inspection
Skill Level Beginner