From the course: Node.js: Security
Join today to access over 22,700 courses taught by industry experts or purchase this course individually.
Overview of cross-site scripting
- [Instructor] Cross-site scripting attacks is when a malicious script is injected into a trusted site, for example, add Javascript code into an unsuspecting input in a form, and then use this to use all kinds of no good. Some example of attacks have been pulling data from cookies, session tokens, and all kinds of sensitive information. Let me demonstrate an example of cross-site scripting security issue. So go to google.com/about/appsecurity /learning/xss and once you get to the site, scroll all the way down until you see this demo here, and let's click on show demo, and then let's just try a test. So this is a typical form, so if we do test and search, sorry, no results were found for test, try again, so there's no harm, but let's say for example we would do something like, underline test, and then do a search, then our script is included inside of our test, so whatever code we did in there is also included because right now, this is underlined, so this is not a good sign. So if we…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.