From the course: Security Testing: Vulnerability Management with Nessus
Unlock the full course today
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Understanding cross-site scripting - Nessus Tutorial
From the course: Security Testing: Vulnerability Management with Nessus
Understanding cross-site scripting
- [Narrator] Let's now turn our attention to a variety of attacks focused on web applications. Almost every business runs web applications these days. And those applications often store, process, and transmit sensitive information. These web applications sometimes serve the public. So firewalls, and other security devices are configured to allow access to them from the Internet. If web applications aren't written with sound security practices in mind, they can present a major vulnerability to the organization. Let's take a look at once such vulnerability. The cross-site scripting attack. Often abbreviated as XSS. In a cross-site scripting attack, the attacker places a malicious script on a site, that contains instructions directing a web browser to access a second site. Then the attacker waits. When a victim visits the site, the victim's browser unknowingly downloads and runs the code that attempts to access the second site. If the victim is already logged in to the second site, the…
Contents
-
-
-
-
-
-
-
-
(Locked)
Server vulnerabilities5m 18s
-
(Locked)
Endpoint vulnerabilities1m 44s
-
(Locked)
Network vulnerabilities4m 29s
-
(Locked)
Virtualization vulnerabilities2m 35s
-
(Locked)
Industrial control systems4m 36s
-
(Locked)
Understanding cross-site scripting5m 24s
-
(Locked)
Preventing SQL injection5m 29s
-
(Locked)
-