XSS
Mike Klemarewski
April 05, 2016
Programming
A quick overview of cross site scripting
Transcript
XSS (Cross Site Scripting)
What is it?
• A text-based attack
• Exploits the browser's interpreter, allowing the attacker to run code on the target site
What can be done using XSS?
• Hijack user sessions
• Insert content
• Redirect users
• Hijack the user's browser using malware
Who can do these attacks?
• Anyone that can send data to the system
• Anyone that can craft a URL and put it in front of other people
Types of XSS
Stored
• User input is stored on the server and rendered to any user that visits the page
• E.g. user reviews, comments, profiles
Reflected
• User input is returned by the web application and rendered without being sanitized
• E.g. search results
DOM Based XSS
• The response doesn't contain the exploit payload
• Some client-side code reads the malicious data from the URL or DOM and executes it
Demo! Great resource from Google
Example attacks
• Samy MySpace Worm: spread through 1 million users in 20 hours
• StrongWebmail CEO email hacked
• XSS Worm Examples
Prevention
• Properly escape untrusted data
• Input validation can help, but isn't a full solution
• Use sanitization libraries
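An added JavaScript example (not from the deck) tying the prevention slide to the reflected search-results case: an allowlist validator, an HTML escaper, and the same search-page template rendered with and without escaping. The function names and sample search term are constructed for illustration.

```javascript
// Added example, not from the deck. Shows why validation alone is not
// enough and how context-aware escaping fixes a reflected search page.

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;',
};

// Escape untrusted data for the HTML text and quoted-attribute contexts.
// Other contexts (JavaScript strings, URLs, CSS) need their own encoders.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Input validation: an allowlist on length and character class. It rejects
// angle brackets, but legitimate terms may still contain &, ' and ".
function isValidSearchTerm(term) {
  return typeof term === 'string'
    && term.length <= 100
    && /^[\w\s&"'.,-]+$/.test(term);
}

// Vulnerable: the reflected-XSS pattern. The untrusted term is placed into
// an attribute value and into text without escaping, so a quote in the term
// ends the attribute early and any markup in it is rendered as markup.
function renderSearchUnsafe(term) {
  return `<input name="q" value="${term}"><p>Results for: ${term}</p>`;
}

// Hardened: the same template, but the term is escaped for the HTML
// contexts it lands in, so it is always rendered as literal text.
function renderSearchSafe(term) {
  const safe = escapeHtml(term);
  return `<input name="q" value="${safe}"><p>Results for: ${safe}</p>`;
}

// Constructed sample: passes validation yet still breaks the unsafe page.
const sampleTerm = 'Tom & Jerry\'s "best"';
console.log('valid:', isValidSearchTerm(sampleTerm));
console.log('unsafe:', renderSearchUnsafe(sampleTerm));
console.log('safe:  ', renderSearchSafe(sampleTerm));
```

For DOM-based cases the same rule applies to client-side code: assign untrusted data with `textContent` (or escape it) rather than building `innerHTML` from it.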
FIN