Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
XSS
Search
Mike Klemarewski
April 05, 2016
Programming
0
71
XSS
A quick overview of cross site scripting
Mike Klemarewski
April 05, 2016
Tweet
Share
More Decks by Mike Klemarewski
See All by Mike Klemarewski
Redux Containers Demystified
mikeklemarewski
1
54
HTTPS
mikeklemarewski
1
54
Injection
mikeklemarewski
1
69
Handy Shell Commands
mikeklemarewski
2
72
Other Decks in Programming
See All in Programming
Basic Architectures
denyspoltorak
0
670
AIと一緒にレガシーに向き合ってみた
nyafunta9858
0
230
HTTPプロトコル正しく理解していますか? 〜かわいい猫と共に学ぼう。ฅ^•ω•^ฅ ニャ〜
hekuchan
2
680
Data-Centric Kaggle
isax1015
2
770
なぜSQLはAIぽく見えるのか/why does SQL look AI like
florets1
0
450
360° Signals in Angular: Signal Forms with SignalStore & Resources @ngLondon 01/2026
manfredsteyer
PRO
0
120
AI Agent の開発と運用を支える Durable Execution #AgentsInProd
izumin5210
7
2.3k
AI巻き込み型コードレビューのススメ
nealle
1
170
Fragmented Architectures
denyspoltorak
0
150
AWS re:Invent 2025参加 直前 Seattle-Tacoma Airport(SEA)におけるハードウェア紛失インシデントLT
tetutetu214
2
110
IFSによる形状設計/デモシーンの魅力 @ 慶應大学SFC
gam0022
1
300
CSC307 Lecture 04
javiergs
PRO
0
660
Featured
See All Featured
The Director’s Chair: Orchestrating AI for Truly Effective Learning
tmiket
1
96
Google's AI Overviews - The New Search
badams
0
900
XXLCSS - How to scale CSS and keep your sanity
sugarenia
249
1.3M
コードの90%をAIが書く世界で何が待っているのか / What awaits us in a world where 90% of the code is written by AI
rkaga
60
42k
Amusing Abliteration
ianozsvald
0
99
Optimising Largest Contentful Paint
csswizardry
37
3.6k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
35
2.4k
Ten Tips & Tricks for a 🌱 transition
stuffmc
0
65
HU Berlin: Industrial-Strength Natural Language Processing with spaCy and Prodigy
inesmontani
PRO
0
210
The Curious Case for Waylosing
cassininazir
0
230
Mind Mapping
helmedeiros
PRO
0
80
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
tammyeverts
11
820
Transcript
XSS (Cross Site Scripting)
What is it? • Text based attack • Exploits the
browser's interpreter, allowing the attacker to run code on the target site
What can be done using XSS? • hijack user sessions
• insert content • redirect users • hijack the user’s browser using malware
Who can do these attacks? • Anyone that can send
data to the system • Anyone that can craft a url and put it in front of other people
Types of XSS
Stored • User input is stored on the server and
rendered to any user that visits the page • Eg. User reviews, comments, profiles
Reflected • User input is returned by the web application
and rendered without being sanitized • Eg. Search results
DOM Based XSS • The response doesn't contain the exploit
payload • Some client side code reads the malicious data from the URL or DOM and executes it
Demo! Great resource from Google
Example attacks • Samy MySpace Worm • Spread through 1
million users in 20 hours • StrongWebmail CEO email hacked • XSS Worm Examples
Prevention • Properly escape untrusted data • Input validation can
help, but isn't a full solution • Use sanitization libraries
FIN
mikeklemarewski
denyspoltorak
nyafunta9858
hekuchan
isax1015
florets1
manfredsteyer
izumin5210
nealle
tetutetu214
gam0022
javiergs
tmiket
badams
sugarenia
rkaga
ianozsvald
csswizardry
marcduiker
stuffmc
inesmontani
cassininazir
helmedeiros
tammyeverts
