From the course: CISSP Cert Prep (2021): 8 Software Development Security
Unlock the full course today
Join today to access over 22,500 courses taught by industry experts or purchase this course individually.
Understanding cross-site scripting
From the course: CISSP Cert Prep (2021): 8 Software Development Security
Understanding cross-site scripting
- [Instructor] Cross-site scripting attacks are quite dangerous because they can take place without the knowledge of the victim. These attacks, commonly abbreviated as XSS, attacks occur when an attacker embeds a malicious code in a third-party website that runs within the web browsers of other visitors to the site. Let's take a look at how they work. As you may know, webpages are made using HTML code. HTML is a markup language that allows web pages to have all sorts of advanced formatting other than just displaying plain text. HTML authors can add different fonts, include images, link to other sites, and even include small programs called scripts that run in the browsers of visitors to the site. HTML uses the concept of tags to perform all of these actions. For example, the b tag formats bold text, the i tag formats italicized text, and the a tag includes hyperlinks in text. When you're including a tag in a webpage,…
Contents
-
-
-
-
-
OWASP Top 105m 36s
-
Application security4m 13s
-
Preventing SQL injection4m 25s
-
Understanding cross-site scripting3m 17s
-
Request forgery4m 8s
-
Defending against directory traversal3m 6s
-
Overflow attacks3m 21s
-
Explaining cookies and attachments4m 25s
-
Session hijacking4m 8s
-
Code execution attacks2m 43s
-
Privilege escalation1m 56s
-
Driver manipulation2m 16s
-
Memory vulnerabilities3m 34s
-
Race condition vulnerabilities2m 13s
-
-
-
-