From the course: DevSecOps: Automated Security Testing
Application security vector: XSS
- Cross-Site Scripting, shortened as XSS, is the perennial top vulnerability on the web-application security vulnerabilities list. Well, what is it? OWASP provides this definition: Cross-Site Scripting attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. But what does that mean in practice? It means that since the browser executes JavaScript, the attacker is trying to get their own JavaScript to run with the execution of the rest of the page. The most simple XSS payload is like this one here. It opens inline script HTML tags, and fires an alert. When the attacker sees the alert return on their screen, they realize they have found a website that is vulnerable to Cross-Site Scripting. Cross-Site Scripting is a favorite of attackers because it is widespread and flexible. It works in all types of places where user input is accepted, and JavaScript is running. Which is basically every site on the internet. You can break up…
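The injection described in the transcript above, shown as an added example that is not part of the course or its exercise files: a page fragment that reflects user input as-is, the same fragment with output encoding, and a check an automated test can run against either. The function names and the probe marker are hypothetical and constructed for this illustration.

```javascript
// Added example, not course code. All names and the marker are constructed.

const ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode the characters that let text break out of an HTML text node or a
// quoted attribute. This is not sufficient inside <script> blocks or URLs,
// which need context-specific encoding.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Vulnerable: user input is concatenated into markup unchanged, so any tags
// it contains become part of the page the browser parses.
function renderGreetingUnsafe(name) {
  return `<p>Hello, ${name}!</p>`;
}

// Hardened: the same template, with the input encoded before insertion, so
// the browser displays the tags as text instead of parsing them.
function renderGreetingSafe(name) {
  return `<p>Hello, ${escapeHtml(name)}!</p>`;
}

// Test-suite check: submit the simple alert payload with a unique marker and
// report whether the rendered output contains it byte-for-byte unencoded.
function reflectsUnescaped(render, marker = "xss-probe-7f3a") {
  const probe = `<script>alert("${marker}")</script>`;
  return render(probe).includes(probe);
}

console.log("unsafe template reflects probe:", reflectsUnescaped(renderGreetingUnsafe));
console.log("safe template reflects probe:  ", reflectsUnescaped(renderGreetingSafe));
```

A check like `reflectsUnescaped` fits in a unit-test stage of a pipeline and fails the build when a template returns the probe unencoded.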