XSS
Mike Klemarewski
April 05, 2016
A quick overview of cross site scripting
Transcript
XSS (Cross Site Scripting)

What is it?
• Text based attack
• Exploits the browser's interpreter, allowing the attacker to run code on the target site

What can be done using XSS?
• hijack user sessions
• insert content
• redirect users
• hijack the user's browser using malware

Who can do these attacks?
• Anyone that can send data to the system
• Anyone that can craft a URL and put it in front of other people

Types of XSS

Stored
• User input is stored on the server and rendered to any user that visits the page
• E.g. user reviews, comments, profiles

Reflected
• User input is returned by the web application and rendered without being sanitized
• E.g. search results

DOM Based XSS
• The response doesn't contain the exploit payload
• Some client side code reads the malicious data from the URL or DOM and executes it

Demo! Great resource from Google

Example attacks
• Samy MySpace Worm
• Spread through 1 million users in 20 hours
• StrongWebmail CEO email hacked
• XSS Worm Examples

Prevention
• Properly escape untrusted data
• Input validation can help, but isn't a full solution
• Use sanitization libraries
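The "properly escape untrusted data" point, shown as an added example that is not part of the deck: a reflected search-results page rendered the vulnerable way next to the same page with HTML output encoding applied. The function names, the escape table and the probe string are constructed for this illustration; the code uses only plain JavaScript and runs under Node.js.

```javascript
// Added example (not from the original deck): output encoding for untrusted
// data placed into an HTML body or quoted-attribute context.

// Characters that carry meaning in HTML, mapped to their entity forms.
// The forward slash is included so a closing tag cannot be assembled.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
  '/': '&#x2F;',
};

// Encode a value so the browser treats it as text, never as markup.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"'\/]/g, (ch) => HTML_ESCAPES[ch]);
}

// Reflected XSS: the query is echoed straight into the page. This is the
// "rendered without being sanitized" case from the Reflected slide.
function renderSearchUnsafe(query) {
  return `<p>Results for: ${query}</p>`;
}

// Hardened form: the same page, but the query is encoded before insertion.
function renderSearchSafe(query) {
  return `<p>Results for: ${escapeHtml(query)}</p>`;
}

// Constructed probe input: a script tag, the simplest marker of an XSS sink.
const probe = '<script>alert(1)</script>';

console.log('unsafe:', renderSearchUnsafe(probe)); // markup reaches the page
console.log('safe:  ', renderSearchSafe(probe));   // shown as literal text
```

Encoding must match the context: this table is for HTML body and quoted-attribute positions; data inserted into a URL, a JavaScript string or a CSS value needs that context's own encoder, and for DOM based XSS the client side code should assign untrusted data with textContent rather than innerHTML.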
FIN