Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
XSS
Search
Sponsored
·
SiteGround - Reliable hosting with speed, security, and support you can count on.
→
Mike Klemarewski
April 05, 2016
Programming
0
71
XSS
A quick overview of cross site scripting
Mike Klemarewski
April 05, 2016
Tweet
Share
More Decks by Mike Klemarewski
See All by Mike Klemarewski
Redux Containers Demystified
mikeklemarewski
1
54
HTTPS
mikeklemarewski
1
54
Injection
mikeklemarewski
1
69
Handy Shell Commands
mikeklemarewski
2
72
Other Decks in Programming
See All in Programming
FOSDEM 2026: STUNMESH-go: Building P2P WireGuard Mesh Without Self-Hosted Infrastructure
tjjh89017
0
170
CSC307 Lecture 03
javiergs
PRO
1
490
Oxlint JS plugins
kazupon
1
930
Implementation Patterns
denyspoltorak
0
280
AIによるイベントストーミング図からのコード生成 / AI-powered code generation from Event Storming diagrams
nrslib
2
1.9k
Automatic Grammar Agreementと Markdown Extended Attributes について
kishikawakatsumi
0
190
Honoを使ったリモートMCPサーバでAIツールとの連携を加速させる!
tosuri13
1
180
AWS re:Invent 2025参加 直前 Seattle-Tacoma Airport(SEA)におけるハードウェア紛失インシデントLT
tetutetu214
2
110
OCaml 5でモダンな並列プログラミングを Enjoyしよう!
haochenx
0
140
AI Agent Tool のためのバックエンドアーキテクチャを考える #encraft
izumin5210
6
1.8k
[KNOTS 2026登壇資料]AIで拡張‧交差する プロダクト開発のプロセス および携わるメンバーの役割
hisatake
0
280
【卒業研究】会話ログ分析によるユーザーごとの関心に応じた話題提案手法
momok47
0
200
Featured
See All Featured
Efficient Content Optimization with Google Search Console & Apps Script
katarinadahlin
PRO
0
320
Agile Actions for Facilitating Distributed Teams - ADO2019
mkilby
0
110
Improving Core Web Vitals using Speculation Rules API
sergeychernyshev
21
1.4k
Applied NLP in the Age of Generative AI
inesmontani
PRO
4
2k
Building Applications with DynamoDB
mza
96
6.9k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
35
2.4k
How Fast Is Fast Enough? [PerfNow 2025]
tammyeverts
3
450
How to Ace a Technical Interview
jacobian
281
24k
SEO for Brand Visibility & Recognition
aleyda
0
4.2k
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
tammyeverts
11
830
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
PRO
196
71k
Skip the Path - Find Your Career Trail
mkilby
0
55
Transcript
XSS (Cross Site Scripting)
What is it? • Text based attack • Exploits the
browser's interpreter, allowing the attacker to run code on the target site
What can be done using XSS? • hijack user sessions
• insert content • redirect users • hijack the user’s browser using malware
Who can do these attacks? • Anyone that can send
data to the system • Anyone that can craft a url and put it in front of other people
Types of XSS
Stored • User input is stored on the server and
rendered to any user that visits the page • Eg. User reviews, comments, profiles
Reflected • User input is returned by the web application
and rendered without being sanitized • Eg. Search results
DOM Based XSS • The response doesn't contain the exploit
payload • Some client side code reads the malicious data from the URL or DOM and executes it
Demo! Great resource from Google
Example attacks • Samy MySpace Worm • Spread through 1
million users in 20 hours • StrongWebmail CEO email hacked • XSS Worm Examples
Prevention • Properly escape untrusted data • Input validation can
help, but isn't a full solution • Use sanitization libraries
FIN
mikeklemarewski
tjjh89017
javiergs
kazupon
denyspoltorak
nrslib
kishikawakatsumi
tosuri13
tetutetu214
haochenx
izumin5210
hisatake
momok47
katarinadahlin
mkilby
sergeychernyshev
inesmontani
mza
marcduiker
tammyeverts
jacobian
aleyda
soudai
