From the course: CISSP Cert Prep (2021): 3 Security Architecture and Engineering
Unlock the full course today
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Cross-site scripting prevention
From the course: CISSP Cert Prep (2021): 3 Security Architecture and Engineering
Cross-site scripting prevention
- [Instructor] Cross site scripting attacks are quite dangerous because they can take place without the knowledge of the victim. These attacks commonly abbreviated as XSS attacks occur when an attacker embeds a malicious code in a third party website that runs within the web browsers of other visitors to the site. Let's take a look at how they work. As you may know, webpages are made using HTML code. HTML is a markup language that allows web pages to have all sorts of advanced formatting other than just displaying plain text. HTML authors can add different fonts, include images, link to other sites, and even include small programs called scripts that run in the browsers of visitors to the site. HTML uses the concept of tags to perform all of these actions. For example, the <b> tag formats bold text, the <i> tag formats italicized text, and the <a> tag includes hyperlinks in text. When you're including a tag in a webpage,…
Contents
-
-
-
-
-
-
-
(Locked)
OWASP Top 105m 36s
-
(Locked)
SQL injection prevention4m 25s
-
(Locked)
Cross-site scripting prevention3m 17s
-
(Locked)
Cross-site request forgery prevention4m 8s
-
(Locked)
Defending against directory traversal3m 6s
-
(Locked)
Overflow attacks3m 21s
-
(Locked)
Session hijacking4m 8s
-
(Locked)
Privilege escalation1m 56s
-
(Locked)
-
-
-
-
-
-
-
-
-
-
-