XSS
A quick overview of cross site scripting
Mike Klemarewski
April 05, 2016
Transcript
XSS (Cross Site Scripting)

What is it?
• A text-based attack
• Exploits the browser's interpreter, allowing the attacker to run code on the target site

What can be done using XSS?
• Hijack user sessions
• Insert content
• Redirect users
• Hijack the user's browser using malware

Who can do these attacks?
• Anyone that can send data to the system
• Anyone that can craft a URL and put it in front of other people

Types of XSS

Stored
• User input is stored on the server and rendered to any user that visits the page
• E.g. user reviews, comments, profiles

Reflected
• User input is returned by the web application and rendered without being sanitized
• E.g. search results

DOM Based XSS
• The response doesn't contain the exploit payload
• Some client-side code reads the malicious data from the URL or DOM and executes it

Demo! Great resource from Google

Example attacks
• Samy MySpace Worm: spread through 1 million users in 20 hours
• StrongWebmail CEO email hacked
• XSS Worm Examples

Prevention
• Properly escape untrusted data
• Input validation can help, but isn't a full solution
• Use sanitization libraries
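The following is an added example, not code from the deck or from its author, tying the three XSS types above to the "Prevention" slide. It shows a user comment rendered once with raw concatenation (the stored/reflected mistake) and once through an HTML escaper, plus a DOM-side helper that writes a URL parameter with textContent instead of innerHTML. The function names (escapeHtml, renderComment, showSearchTerm), the sample comment and the stand-in element are assumptions made for this illustration; escapeHtml covers the HTML text and attribute-value contexts only, and data placed into a URL, a script block or a CSS value needs the encoder for that context.

```javascript
// Added example (not from the slides): escaping untrusted data before it
// reaches an HTML context. Names such as escapeHtml, renderComment and the
// sample comment are assumptions made for this illustration.

// Contextual escaping for HTML text and attribute values. Every character
// that can open, close or alter markup becomes an entity, so whatever the
// user typed is displayed literally instead of being parsed as HTML.
// '&' is replaced first so later replacements are not double-escaped.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Stored / reflected case: server-side rendering of a user comment.
// The unsafe version concatenates raw input into the page, so any markup in
// the comment is parsed by every visitor's browser. Kept here only to make
// the difference visible next to the safe version.
function renderCommentUnsafe(comment) {
  return `<li class="comment"><b>${comment.author}</b>: ${comment.body}</li>`;
}

// Safe version: every untrusted field is escaped for the HTML context it
// lands in, so the same comment renders as visible text.
function renderComment(comment) {
  return `<li class="comment"><b>${escapeHtml(comment.author)}</b>: ${escapeHtml(comment.body)}</li>`;
}

// DOM-based case: client-side code reads a value from the URL and shows it.
// Assigning to textContent (never innerHTML) means the browser does not parse
// the value as HTML, so markup in the query string is shown as plain text.
function showSearchTerm(url, element) {
  const term = new URL(url).searchParams.get('q') || '';
  element.textContent = `Results for: ${term}`;
  return element.textContent;
}

// Constructed sample input: a comment whose body contains a script tag.
const sampleComment = {
  author: 'mallory',
  body: '<script>alert(1)</script> great post',
};

// Hypothetical minimal stand-in for a DOM element so the example runs under Node.
const fakeElement = { textContent: '' };

// Runs all three renderings on the constructed input and returns the results.
function demo() {
  return {
    unsafe: renderCommentUnsafe(sampleComment),
    safe: renderComment(sampleComment),
    domSafe: showSearchTerm('https://example.com/search?q=%3Cimg%20src%3Dx%3E', fakeElement),
  };
}

console.log(demo());
```

Running the file under Node prints the three renderings side by side: the unsafe string still carries a live `<script>` tag, the safe one carries `&lt;script&gt;`, and the DOM helper returns the decoded query value as inert text. Input validation (for example rejecting angle brackets in a username) narrows what reaches these functions but, as the slide says, is not a substitute for escaping at the point of output.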
FIN