From the course: DevSecOps: Automated Security Testing

Application security vector: XSS

- Cross-Site Scripting, shortened to XSS, is the perennial top vulnerability on the web-application security vulnerabilities list. Well, what is it? OWASP provides this definition: Cross-Site Scripting attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. But what does that mean in practice? It means that since the browser executes JavaScript, the attacker is trying to get their own JavaScript to run with the execution of the rest of the page. The simplest XSS payload is like this one here. It opens inline script HTML tags, and fires an alert. When the attacker sees the alert return on their screen, they realize they have found a website that is vulnerable to Cross-Site Scripting. Cross-Site Scripting is a favorite of attackers because it is widespread and flexible. It works in all types of places where user input is accepted and JavaScript is running, which is basically every site on the internet. You can break up…
