Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
XSS
Search
Mike Klemarewski
April 05, 2016
Programming
0
71
XSS
A quick overview of cross site scripting
Mike Klemarewski
April 05, 2016
Tweet
Share
More Decks by Mike Klemarewski
See All by Mike Klemarewski
Redux Containers Demystified
mikeklemarewski
1
54
HTTPS
mikeklemarewski
1
54
Injection
mikeklemarewski
1
69
Handy Shell Commands
mikeklemarewski
2
72
Other Decks in Programming
See All in Programming
Fragmented Architectures
denyspoltorak
0
150
360° Signals in Angular: Signal Forms with SignalStore & Resources @ngLondon 01/2026
manfredsteyer
PRO
0
120
Basic Architectures
denyspoltorak
0
670
AIで開発はどれくらい加速したのか?AIエージェントによるコード生成を、現場の評価と研究開発の評価の両面からdeep diveしてみる
daisuketakeda
1
2.5k
AI Agent Tool のためのバックエンドアーキテクチャを考える #encraft
izumin5210
6
1.8k
humanlayerのブログから学ぶ、良いCLAUDE.mdの書き方
tsukamoto1783
0
190
AWS re:Invent 2025参加 直前 Seattle-Tacoma Airport(SEA)におけるハードウェア紛失インシデントLT
tetutetu214
2
110
なぜSQLはAIぽく見えるのか/why does SQL look AI like
florets1
0
460
Amazon Bedrockを活用したRAGの品質管理パイプライン構築
tosuri13
4
600
インターン生でもAuth0で 認証基盤刷新が出来るのか
taku271
0
190
Apache Iceberg V3 and migration to V3
tomtanaka
0
160
高速開発のためのコード整理術
sutetotanuki
1
400
Featured
See All Featured
Automating Front-end Workflow
addyosmani
1371
200k
How to audit for AI Accessibility on your Front & Back End
davetheseo
0
180
Mozcon NYC 2025: Stop Losing SEO Traffic
samtorres
0
140
A better future with KSS
kneath
240
18k
A Modern Web Designer's Workflow
chriscoyier
698
190k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
122
21k
It's Worth the Effort
3n
188
29k
Ten Tips & Tricks for a 🌱 transition
stuffmc
0
66
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
PRO
196
71k
Making Projects Easy
brettharned
120
6.6k
How To Stay Up To Date on Web Technology
chriscoyier
791
250k
Context Engineering - Making Every Token Count
addyosmani
9
650
Transcript
XSS (Cross Site Scripting)
What is it? • Text based attack • Exploits the
browser's interpreter, allowing the attacker to run code on the target site
What can be done using XSS? • hijack user sessions
• insert content • redirect users • hijack the user’s browser using malware
Who can do these attacks? • Anyone that can send
data to the system • Anyone that can craft a url and put it in front of other people
Types of XSS
Stored • User input is stored on the server and
rendered to any user that visits the page • Eg. User reviews, comments, profiles
Reflected • User input is returned by the web application
and rendered without being sanitized • Eg. Search results
DOM Based XSS • The response doesn't contain the exploit
payload • Some client side code reads the malicious data from the URL or DOM and executes it
Demo! Great resource from Google
Example attacks • Samy MySpace Worm • Spread through 1
million users in 20 hours • StrongWebmail CEO email hacked • XSS Worm Examples
Prevention • Properly escape untrusted data • Input validation can
help, but isn't a full solution • Use sanitization libraries
FIN
mikeklemarewski
denyspoltorak
manfredsteyer
daisuketakeda
izumin5210
tsukamoto1783
tetutetu214
florets1
tosuri13
taku271
tomtanaka
sutetotanuki
addyosmani
davetheseo
samtorres
kneath
chriscoyier
panda_program
3n
stuffmc
soudai
brettharned
