XSS
A quick overview of cross site scripting
Mike Klemarewski
April 05, 2016
Transcript
XSS (Cross Site Scripting)

What is it?
• Text-based attack
• Exploits the browser's interpreter, allowing the attacker to run code on the target site

What can be done using XSS?
• Hijack user sessions
• Insert content
• Redirect users
• Hijack the user's browser using malware

Who can do these attacks?
• Anyone who can send data to the system
• Anyone who can craft a URL and put it in front of other people

Types of XSS

Stored
• User input is stored on the server and rendered to any user that visits the page
• E.g. user reviews, comments, profiles

Reflected
• User input is returned by the web application and rendered without being sanitized
• E.g. search results

DOM Based XSS
• The response doesn't contain the exploit payload
• Some client-side code reads the malicious data from the URL or DOM and executes it

Demo! Great resource from Google

Example attacks
• Samy MySpace Worm
• Spread through 1 million users in 20 hours
• StrongWebmail CEO email hacked
• XSS Worm Examples

Prevention
• Properly escape untrusted data
• Input validation can help, but isn't a full solution
• Use sanitization libraries
FIN