Cross Site Scripting XSS

Cross-site scripting (XSS) is a type of attack where malicious scripts are injected into web pages, allowing attackers to hijack user sessions, steal sensitive information, and more. There are three main types of XSS attacks: reflected XSS, stored XSS, and DOM-based XSS. Developers can prevent XSS by validating and sanitizing all user input, properly encoding output, using a content security policy, and following secure coding practices.

Uploaded by

manojboga150

Available Formats

Download as PPTX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

12 views

Cross Site Scripting XSS

Uploaded by

manojboga150

Available Formats

Download as PPTX, PDF, TXT or read online on Scribd

You are on page 1/ 11

Cross-Site Scripting

(XSS)
Presented by:

MANOJ BOGA
Understanding Cross-
Site Scripting (XSS)
Cross-Site Scripting (XSS) is a type of cyber attack where malicious scripts are
injected into web pages, allowing attackers to hijack user sessions, steal sensitive
information, and more. It's a critical vulnerability that every web developer
should understand and mitigate.
How XSS Works
1 Injection
The attacker injects malicious code, typically JavaScript, into a web page or
application.

2 Execution
When the page loads, the malicious script executes, giving the attacker control over
the user's session and data.

3 Exploitation
The attacker can then steal sensitive information, hijack user accounts, or perform
other malicious actions.
Types of XSS Attacks
1 Reflected XSS 2 Stored XSS 3 DOM-based XSS
Where the malicious script Where the malicious script Where the vulnerability
is reflected back to the user is permanently stored on exists in the client-side
through the vulnerable web the server and executed by JavaScript code that
application. every user who views the processes user input.
page.
Identifying XSS Vulnerabilities
Input Validation Output Encoding Code Auditing

Carefully validate and sanitize Properly encode and escape all Regularly audit your codebase to
all user input to prevent the output to prevent the execution identify and fix any potential
injection of malicious scripts. of injected scripts. XSS vulnerabilities.
Preventing XSS Attacks
Input Validation Output Encoding
Validate and sanitize all user input using input Properly encode and escape all output to prevent
validation libraries and techniques. the execution of injected scripts.

Content Security Policy Secure Coding Practices

Use a Content Security Policy (CSP) to restrict the Implement secure coding practices, such as using
sources from which resources can be loaded. parameterized queries and avoiding dynamic
JavaScript generation.
Mitigating XSS Attacks

Web Application Content Security Input Validation Security

Firewall Policy Awareness
Validate and sanitize all
Use a WAF to detect Implement a CSP to user input to prevent the Train developers and
and block XSS attacks restrict the sources of injection of malicious users on the risks of
in real-time. scripts and other scripts. XSS and how to identify
resources. and prevent it.
Real-World XSS Examples
Yahoo! Mail XSS
In 2013, a vulnerability in Yahoo! Mail allowed attackers to steal user data and hijack
accounts.

GitHub XSS
In 2018, an XSS vulnerability in GitHub's Gist feature allowed attackers to steal user
data.

Facebook XSS
In 2019, a critical XSS flaw in Facebook's search functionality allowed attackers to
steal user data.
Importance of XSS Security
Data Theft XSS attacks can be used to steal sensitive user data,
such as login credentials, financial information, and
personal details.

Account Hijacking Attackers can hijack user sessions and take control
of their accounts, allowing them to perform
unauthorized actions.

Malware Delivery XSS vulnerabilities can be exploited to deliver

malware to users, compromising their devices and
networks.

Reputation Damage Successful XSS attacks can severely damage an

organization's reputation and erode user trust.
LAB
<img src=1 href=1 onerror="javascript:alert(thankyou)"></img>

Legal Ethics Checklist QuickList
No ratings yet
Legal Ethics Checklist QuickList
2 pages
Max Whyte - The Uses and Abuses of Nietzsche in The Third Reich - Alfred Baeumler's 'Heroic Realism'
100% (1)
Max Whyte - The Uses and Abuses of Nietzsche in The Third Reich - Alfred Baeumler's 'Heroic Realism'
25 pages
Understanding Cross Site Scripting XSS
No ratings yet
Understanding Cross Site Scripting XSS
8 pages
Cross-Site Scripting (XSS)
No ratings yet
Cross-Site Scripting (XSS)
6 pages
XSS Vulnerabilities
No ratings yet
XSS Vulnerabilities
6 pages
serie11
No ratings yet
serie11
3 pages
NA
No ratings yet
NA
2 pages
Cross Site Scripting (XSS)
No ratings yet
Cross Site Scripting (XSS)
32 pages
What Is Cross-Site Scripting (XSS) ?
No ratings yet
What Is Cross-Site Scripting (XSS) ?
4 pages
XSS Attack and how to mitigate it
No ratings yet
XSS Attack and how to mitigate it
8 pages
Broken Web Security
No ratings yet
Broken Web Security
87 pages
Cross Site Scripting 004
No ratings yet
Cross Site Scripting 004
15 pages
Truth of Cross Site Scripting (XSS)
No ratings yet
Truth of Cross Site Scripting (XSS)
14 pages
Cross Site Scripting
No ratings yet
Cross Site Scripting
20 pages
How To Prevent Cross-Site Scripting (XSS) in JavaScript
No ratings yet
How To Prevent Cross-Site Scripting (XSS) in JavaScript
9 pages
XSS
No ratings yet
XSS
3 pages
SecuringWebApplicationsAgainstCross-SiteScriptingXSSVulnerabilities
No ratings yet
SecuringWebApplicationsAgainstCross-SiteScriptingXSSVulnerabilities
8 pages
XSS
No ratings yet
XSS
13 pages
Cross Site Scripting Presentation Slides
No ratings yet
Cross Site Scripting Presentation Slides
23 pages
Cross Script Xss
No ratings yet
Cross Script Xss
3 pages
Xss Attacks & Its Types
No ratings yet
Xss Attacks & Its Types
7 pages
Xss
No ratings yet
Xss
11 pages
Cross-site Scripting (XSS)
No ratings yet
Cross-site Scripting (XSS)
8 pages
Cross Site Scripting (XSS) : Description
No ratings yet
Cross Site Scripting (XSS) : Description
2 pages
XSS (Cross-Site Scripting)
No ratings yet
XSS (Cross-Site Scripting)
18 pages
What is Cross - Copy (3)
No ratings yet
What is Cross - Copy (3)
3 pages
XSS
No ratings yet
XSS
1 page
Browser Security, Part 1
No ratings yet
Browser Security, Part 1
25 pages
WMS Exp2
No ratings yet
WMS Exp2
6 pages
Chapter 7
No ratings yet
Chapter 7
13 pages
[CyberSec'24] Lab05 - Student Version
No ratings yet
[CyberSec'24] Lab05 - Student Version
29 pages
Cross Site Scripting
No ratings yet
Cross Site Scripting
3 pages
A Study On Removal Techniques of Cross-Site From Web Application
No ratings yet
A Study On Removal Techniques of Cross-Site From Web Application
7 pages
W03 Web XSS
No ratings yet
W03 Web XSS
38 pages
Cross-Site Scripting: Analysis, Identification and Exploitation
No ratings yet
Cross-Site Scripting: Analysis, Identification and Exploitation
28 pages
38. XSS Revision
No ratings yet
38. XSS Revision
3 pages
Lecture 15 WebSecurity
No ratings yet
Lecture 15 WebSecurity
10 pages
Cross_site_Scripting_and_HTML_Injection__1739193556
No ratings yet
Cross_site_Scripting_and_HTML_Injection__1739193556
17 pages
Cross-site Scripting (XSS)
No ratings yet
Cross-site Scripting (XSS)
7 pages
XSS Attack
No ratings yet
XSS Attack
6 pages
Cross-Site Scripting Attack: Manaloto, Joel Jr. S. BSIT 3-2 Case Study 1
No ratings yet
Cross-Site Scripting Attack: Manaloto, Joel Jr. S. BSIT 3-2 Case Study 1
3 pages
Reducing Attack Surface Corresponding To Type 1 Cross-Site Scripting Attacks Using Secure Development Life Cycle Practices
No ratings yet
Reducing Attack Surface Corresponding To Type 1 Cross-Site Scripting Attacks Using Secure Development Life Cycle Practices
4 pages
07. Cross-Site Scripting (XSS)
No ratings yet
07. Cross-Site Scripting (XSS)
34 pages
Cross Site Scripting Cheat Sheet
No ratings yet
Cross Site Scripting Cheat Sheet
3 pages
A7 - Cross - Site Scripting (XSS) : © 2020 Nexusguard Limited - Confidential & Proprietary
No ratings yet
A7 - Cross - Site Scripting (XSS) : © 2020 Nexusguard Limited - Confidential & Proprietary
5 pages
XSS Attack and Remedies
No ratings yet
XSS Attack and Remedies
13 pages
xss introduction
No ratings yet
xss introduction
9 pages
Cross Site Scripting (XSS) : by Amit Tyagi
0% (1)
Cross Site Scripting (XSS) : by Amit Tyagi
31 pages
Cross Site Scripting (XSS)
No ratings yet
Cross Site Scripting (XSS)
11 pages
Xss White Paper
No ratings yet
Xss White Paper
8 pages
CS Lab 7 PDF
No ratings yet
CS Lab 7 PDF
7 pages
JavaScript Programming: 3 In 1 Security Design, Expressions And Web Development
From Everand
JavaScript Programming: 3 In 1 Security Design, Expressions And Web Development
Richie Miller
No ratings yet
4 XSS
No ratings yet
4 XSS
17 pages
Cross Site Scripting (XSS)
No ratings yet
Cross Site Scripting (XSS)
18 pages
task 2 report xss
No ratings yet
task 2 report xss
16 pages
Xss Documentation
No ratings yet
Xss Documentation
6 pages
Documentation On Xss Vulnerability
No ratings yet
Documentation On Xss Vulnerability
3 pages
10 Practical scenarios for XSS attacks
No ratings yet
10 Practical scenarios for XSS attacks
21 pages
Cross Site Scripting XSS
No ratings yet
Cross Site Scripting XSS
31 pages
Cross Site Scripting: Name/Mohammed Aburas ID/382015800
No ratings yet
Cross Site Scripting: Name/Mohammed Aburas ID/382015800
17 pages
UNIT-III (WEB ATTACKS)
No ratings yet
UNIT-III (WEB ATTACKS)
17 pages
Introduction to Web Hacking: Cross-site Scripting
From Everand
Introduction to Web Hacking: Cross-site Scripting
Gary Drocella
No ratings yet
Case 20 - People v. Pancho, G.R. Nos. 136592-93
No ratings yet
Case 20 - People v. Pancho, G.R. Nos. 136592-93
8 pages
Sample Replevin
100% (1)
Sample Replevin
3 pages
Genetic Counselling For Haemophilia: Katherine Rose Genetic Counsellor Genetic Health Services Victoria
No ratings yet
Genetic Counselling For Haemophilia: Katherine Rose Genetic Counsellor Genetic Health Services Victoria
20 pages
Romeo and Juliet Workbook
No ratings yet
Romeo and Juliet Workbook
136 pages
GARTS Architecture
No ratings yet
GARTS Architecture
4 pages
Key Issue 4 Where Do States Face Threats?: Ch. 8 Political Geography
No ratings yet
Key Issue 4 Where Do States Face Threats?: Ch. 8 Political Geography
4 pages
Download full Canada's Public Diplomacy Nicholas J. Cull ebook all chapters
100% (3)
Download full Canada's Public Diplomacy Nicholas J. Cull ebook all chapters
62 pages
Hemlock Oak - 2025 Minimalist Planner - A5 - Final
No ratings yet
Hemlock Oak - 2025 Minimalist Planner - A5 - Final
208 pages
Aaron H. Zabala - Counter-Affidavit - Alvin
0% (1)
Aaron H. Zabala - Counter-Affidavit - Alvin
5 pages
Computer Ethics in the Digital World
No ratings yet
Computer Ethics in the Digital World
10 pages
Unit 9 The Revolutions Era
No ratings yet
Unit 9 The Revolutions Era
9 pages
Classification of Law
No ratings yet
Classification of Law
14 pages
11 r4m Parent e Story the Legend of Icarus
No ratings yet
11 r4m Parent e Story the Legend of Icarus
10 pages
Bonilla vs. Barcena
No ratings yet
Bonilla vs. Barcena
5 pages
Lesson Plan (Sunday School)
No ratings yet
Lesson Plan (Sunday School)
3 pages
The Catcher in The Rye - Chapter 13 N 14
No ratings yet
The Catcher in The Rye - Chapter 13 N 14
30 pages
Mata v. Ca
No ratings yet
Mata v. Ca
2 pages
Wolf, Naomi - Our Bodies, Our Souls
No ratings yet
Wolf, Naomi - Our Bodies, Our Souls
9 pages
13-05-03 Exhibit 5 To Microsoft Response To Motorola Letter
No ratings yet
13-05-03 Exhibit 5 To Microsoft Response To Motorola Letter
4 pages
Guia Ransom Ware
No ratings yet
Guia Ransom Ware
44 pages
The Puerto Rico Status Question Can The PDF
No ratings yet
The Puerto Rico Status Question Can The PDF
12 pages
GR No 88866 Metropolitan Bank V CA
No ratings yet
GR No 88866 Metropolitan Bank V CA
12 pages
Ramos vs. Rada
No ratings yet
Ramos vs. Rada
2 pages
Film Analysis
0% (1)
Film Analysis
6 pages
Constitutional Law Outline
100% (5)
Constitutional Law Outline
27 pages
Maharaja Ranjit Singh
No ratings yet
Maharaja Ranjit Singh
24 pages
English Pedagogical Module 2: Breaking The Law
No ratings yet
English Pedagogical Module 2: Breaking The Law
32 pages
Central Govt Schemes
No ratings yet
Central Govt Schemes
5 pages

Cross Site Scripting XSS

Uploaded by

Cross Site Scripting XSS

Uploaded by

Cross-Site Scripting

Content Security Policy Secure Coding Practices

Web Application Content Security Input Validation Security

Malware Delivery XSS vulnerabilities can be exploited to deliver

Reputation Damage Successful XSS attacks can severely damage an

You might also like