Mike Klemarewski
April 05, 2016
XSS
A quick overview of cross site scripting
Transcript
XSS (Cross Site Scripting)

What is it?
• Text-based attack
• Exploits the browser's interpreter, allowing the attacker to run code on the target site

What can be done using XSS?
• Hijack user sessions
• Insert content
• Redirect users
• Hijack the user's browser using malware

Who can do these attacks?
• Anyone that can send data to the system
• Anyone that can craft a URL and put it in front of other people

Types of XSS

Stored
• User input is stored on the server and rendered to any user that visits the page
• E.g. user reviews, comments, profiles

Reflected
• User input is returned by the web application and rendered without being sanitized
• E.g. search results

DOM Based XSS
• The response doesn't contain the exploit payload
• Some client-side code reads the malicious data from the URL or DOM and executes it

Demo! Great resource from Google

Example attacks
• Samy MySpace Worm: spread through 1 million users in 20 hours
• StrongWebmail CEO email hacked
• XSS Worm Examples

Prevention
• Properly escape untrusted data
• Input validation can help, but isn't a full solution
• Use sanitization libraries
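The reflected case and the "properly escape untrusted data" advice above, as an added example that is not part of the original deck: a search-results page rendered with and without HTML escaping, showing that the escaped response no longer contains markup. The function names, the `containsScriptTag` check and the sample query are assumed names and constructed values for this demonstration, not from the slides.

```javascript
// Added example (not from the original deck): reflected XSS in a search
// page, vulnerable and hardened side by side. Runs under Node.js, no deps.

// Escape the five characters that carry meaning in HTML text and quoted
// attribute contexts, so untrusted data is rendered as text, not parsed as markup.
// '&' must be replaced first so the later entities are not double-escaped.
function escapeHtml(untrusted) {
  return String(untrusted)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#x27;");
}

// Vulnerable: the query taken from the URL is echoed straight into the
// response body, the "reflected" pattern from the slides.
function renderSearchUnsafe(query) {
  return `<p>Results for: ${query}</p>`;
}

// Hardened: the same page, with the untrusted value escaped for the HTML
// text context before it is concatenated into the template.
function renderSearchSafe(query) {
  return `<p>Results for: ${escapeHtml(query)}</p>`;
}

// Crude check for this demonstration only (not a general XSS scanner):
// does the rendered response contain a script tag the template never wrote?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample standing in for a crafted "q" URL parameter.
const SAMPLE_QUERY = "shoes<script>alert(1)</script>";

console.log("unsafe:", renderSearchUnsafe(SAMPLE_QUERY));
console.log("safe:  ", renderSearchSafe(SAMPLE_QUERY));
```

Note that this escaping is only correct for HTML text and quoted-attribute contexts; data placed inside a script block, a URL or a CSS value needs encoding for that context instead.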
FIN