From the course: ASP.NET MVC 5 Identity: Authentication and Authorization
Unlock the full course today
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Vulnerability: XSS filter evasion
From the course: ASP.NET MVC 5 Identity: Authentication and Authorization
Vulnerability: XSS filter evasion
- [Instructor] As long as there are fields where the users need to provide data, our apps are exposed to attacks. In our case, we might have multiple places when we ask users to provide data. For example, when a user signs up. This means that there is a potential danger of an XSS attack, where XSS stands for cross-scripting. Harmful input typically consists of JavaScript with the intention to steal session information. The reason why MVC's considered to be a really secure framework is because it has built-in XSS filters enabled. The Razor engine, used to build the front-end of ASP.NET MVC application, automatically escapes all the output strings and effectively neutralizes the attacks that come to the view.
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Contents
-
-
-
-
-
-
(Locked)
Vulnerability: Object binding vulnerability3m 34s
-
(Locked)
Vulnerability: Dangerous uploaded file type58s
-
(Locked)
Vulnerability: Excessive authentication attempts1m 30s
-
(Locked)
Vulnerability: XSS filter evasion48s
-
(Locked)
Vulnerability: Inclusion of third-party ccripts57s
-
(Locked)
Vulnerability: Cross-site request forgery (CSRF)1m 59s
-
(Locked)
Vulnerability: Open redirect1m 33s
-
(Locked)
-