Mike Klemarewski
April 05, 2016
XSS
A quick overview of cross site scripting
Transcript
XSS (Cross Site Scripting)
What is it?
• Text-based attack
• Exploits the browser's interpreter, allowing the attacker to run code in the victim's browser in the context of the target site
What can be done using XSS?
• Hijack user sessions
• Insert content
• Redirect users
• Hijack the user's browser using malware
Who can do these attacks?
• Anyone that can send data to the system
• Anyone that can craft a URL and put it in front of other people
Types of XSS
Stored
• User input is stored on the server and rendered to any user that visits the page
• E.g. user reviews, comments, profiles
Reflected
• User input is returned by the web application and rendered without being sanitized
• E.g. search results
DOM Based XSS
• The response doesn't contain the exploit payload
• Some client-side code reads the malicious data from the URL or DOM and executes it
Demo! Great resource from Google
Example attacks
• Samy MySpace Worm: spread through 1 million users in 20 hours
• StrongWebmail CEO email hacked
• XSS Worm Examples
Prevention
• Properly escape untrusted data
• Input validation can help, but isn't a full solution
• Use sanitization libraries
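The reflected case and the deck's escaping advice, as an added example that is not part of the deck: a search page that echoes the `q` parameter back, rendered first without and then with output escaping. `escapeHtml`, the render functions, `reflectsMarkup` and the sample URL are names and data constructed for this example; it runs under Node with no library.

```javascript
// Added example, not from the deck: contextual escaping for a page that reflects
// a search term. The "unsafe" renderer shows the reflected-XSS bug the deck
// describes; the "safe" one applies the deck's remedy, escaping untrusted data.
// Function names and the sample URL are constructed for this example.

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Escape a string for an HTML text node or a double-quoted attribute value.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Read the parameter that the page will echo back (the reflection point).
function searchTermFromUrl(url) {
  return new URL(url).searchParams.get('q') ?? '';
}

// Vulnerable: the raw term is concatenated into markup in two contexts
// (element body and attribute value), so '<' and '"' keep their HTML meaning.
function renderSearchUnsafe(term) {
  return `<h1>Results for: ${term}</h1>` +
         `<input name="q" value="${term}">`;
}

// Hardened: the same template, with every interpolation escaped for HTML.
// No input validation is involved: legitimate text such as an apostrophe or
// ampersand still renders correctly, which is why the deck says validation
// alone is not a full solution.
function renderSearchSafe(term) {
  const t = escapeHtml(term);
  return `<h1>Results for: ${t}</h1>` +
         `<input name="q" value="${t}">`;
}

// Simple check usable in a test or a response-scanning hook: if a parameter
// containing markup comes back verbatim in the HTML, escaping was skipped.
function reflectsMarkup(html, term) {
  return /<[a-z!\/]/i.test(term) && html.includes(term);
}

// Constructed request: a user searches for a title containing HTML-significant
// characters. No attack is needed to show that the unsafe path breaks out.
const sampleUrl = 'https://shop.example/search?q=' +
  encodeURIComponent('<b>"Tom & Jerry\'s"</b>');
const sampleTerm = searchTermFromUrl(sampleUrl);
console.log(renderSearchUnsafe(sampleTerm)); // markup and quotes reach the browser raw
console.log(renderSearchSafe(sampleTerm));   // every '<', '"', '&', "'" is encoded
```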
FIN