From the course: CompTIA CySA+ (CS0-002) Cert Prep: 2 Vulnerability Management (2020)
Unlock the full course today
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Understanding cross-site scripting
From the course: CompTIA CySA+ (CS0-002) Cert Prep: 2 Vulnerability Management (2020)
Understanding cross-site scripting
- [Instructor] Let's now turn our attention to a variety of attacks focused on web applications. Almost every business runs web applications these days and those applications often store, process, and transmit sensitive information. These web applications sometimes serve the public, so firewalls and other security devices are configured to allow access to them from the Internet. If web applications aren't written with sound security practices in mind, they can present a major vulnerability to the organization. Let's take a look at one such vulnerability, the cross-site scripting attack, often abbreviated as XSS. In a cross-site scripting attack, the attacker places a malicious script on a site that contains instructions directing a web browser to access a second site. Then the attack waits. When a victim visits the site, the victim's browser unknowingly downloads and runs the code that attempts to access the second site.…
Contents
-
-
-
-
-
-
-
-
(Locked)
OWASP (Open Web Application Security Project)5m 24s
-
(Locked)
Preventing SQL injection5m 29s
-
(Locked)
Understanding cross-site scripting6m 38s
-
(Locked)
Privilege escalation2m 14s
-
(Locked)
Directory traversal3m 16s
-
(Locked)
Race conditions2m 39s
-
(Locked)
Dereferencing NULL pointers2m 33s
-
(Locked)
Third-party code5m 40s
-
(Locked)
Interception proxies5m 22s
-
(Locked)
-
-
-