From the course: Ethical Hacking with JavaScript
Unlock the full course today
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Injection threat - JavaScript Tutorial
From the course: Ethical Hacking with JavaScript
Injection threat
- [Instructor] There are many injection attacks. Such as SQL injection and JavaScript injections. And one of the most common security issue in this category is referred to as cross-site scripting attacks. This attack is basically when malicious code is executed inside of a user input. The danger in this threat is automated code that goes through your public pages and sends code that executes once the form is submitted. Many frameworks such as React and Angular have means to escape the bad code and it submits the input as a string. But not all frameworks are made equal. And if you go to this website, and you scroll down until you see Show Demo, this is a perfect example of a cross-site scripting attack and I often use that example to show you how it works. So if you click on Show Demo, you can do a typical search here. So let's go and do test. And this is the typical result. But let's see what happens. This is an input, so what if did something like this? Script and then I do an alert…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Contents
-
-
-
-
-
(Locked)
Injection threat2m 23s
-
(Locked)
Broken authentication1m 54s
-
(Locked)
Sensitive data1m 5s
-
(Locked)
XML external entities1m 6s
-
(Locked)
Security misconfiguration1m 29s
-
(Locked)
Insecure deserialization1m 10s
-
(Locked)
Components with known vulnerabilities1m 12s
-
(Locked)
Insufficient logging and monitoring1m 47s
-
(Locked)
-