From the course: CISSP Cert Prep (2021): 8 Software Development Security

Unlock the full course today

Join today to access over 22,500 courses taught by industry experts or purchase this course individually.

Understanding cross-site scripting

Understanding cross-site scripting

From the course: CISSP Cert Prep (2021): 8 Software Development Security

Start my 1-month free trial

Understanding cross-site scripting

- [Instructor] Cross-site scripting attacks are quite dangerous because they can take place without the knowledge of the victim. These attacks, commonly abbreviated as XSS, attacks occur when an attacker embeds a malicious code in a third-party website that runs within the web browsers of other visitors to the site. Let's take a look at how they work. As you may know, webpages are made using HTML code. HTML is a markup language that allows web pages to have all sorts of advanced formatting other than just displaying plain text. HTML authors can add different fonts, include images, link to other sites, and even include small programs called scripts that run in the browsers of visitors to the site. HTML uses the concept of tags to perform all of these actions. For example, the b tag formats bold text, the i tag formats italicized text, and the a tag includes hyperlinks in text. When you're including a tag in a webpage,…

Contents