XSS
A quick overview of cross site scripting
Mike Klemarewski
April 05, 2016
Programming
Transcript

XSS (Cross Site Scripting)

What is it?
• Text-based attack
• Exploits the browser's interpreter, allowing the attacker to run code on the target site

What can be done using XSS?
• Hijack user sessions
• Insert content
• Redirect users
• Hijack the user's browser using malware

Who can do these attacks?
• Anyone that can send data to the system
• Anyone that can craft a URL and put it in front of other people

Types of XSS

Stored
• User input is stored on the server and rendered to any user that visits the page
• E.g. user reviews, comments, profiles

Reflected
• User input is returned by the web application and rendered without being sanitized
• E.g. search results

DOM Based XSS
• The response doesn't contain the exploit payload
• Some client-side code reads the malicious data from the URL or DOM and executes it

Demo! Great resource from Google

Example attacks
• Samy MySpace Worm
• Spread through 1 million users in 20 hours
• StrongWebmail CEO email hacked
• XSS Worm Examples

Prevention
• Properly escape untrusted data
• Input validation can help, but isn't a full solution
• Use sanitization libraries
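The following is an added example, not code from the deck: it shows the "properly escape untrusted data" rule applied to the reflected search-results case from the Types of XSS slides. The search page, the `escapeHtml` helper, the `containsInjectedMarkup` check and the sample inputs are all constructed for this illustration; the same output-escaping step is what protects stored data (reviews, comments, profiles) when it is rendered back to other users.

```javascript
// Added example (not from the original deck): output escaping for a reflected
// search-results page. Page markup, helper names and sample inputs are constructed.

// Escape the five characters that change meaning in HTML text and in
// double- or single-quoted attribute values. '&' must be handled first so the
// entities produced by the later replacements are not re-escaped.
function escapeHtml(untrusted) {
  return String(untrusted)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable renderer: the query is concatenated straight into the markup, so the
// browser's HTML parser interprets whatever the user typed (the "reflected" case).
function renderResultsVulnerable(query) {
  return `<h1>Results for: ${query}</h1>\n<input name="q" value="${query}">`;
}

// Hardened renderer: identical page, but the untrusted value is escaped at the
// point of output, in both the text context and the attribute context.
function renderResultsSafe(query) {
  const q = escapeHtml(query);
  return `<h1>Results for: ${q}</h1>\n<input name="q" value="${q}">`;
}

// A crude regression check a test suite could run over rendered pages: does the
// output contain a raw <script> start tag, or a quote that closes an attribute
// followed by an event-handler attribute? Escaped output never matches.
function containsInjectedMarkup(html) {
  return /<script\b/i.test(html) || /"\s*on\w+\s*=/i.test(html);
}

// Constructed sample inputs: one benign search term and one that attempts to
// break out of the attribute and inject a script element.
const benignQuery = 'cheap flights';
const hostileQuery = '"><script>alert(1)</script>';

// Compare the two renderers on both inputs.
function demo() {
  return {
    vulnerableFlagged: containsInjectedMarkup(renderResultsVulnerable(hostileQuery)),
    safeFlagged: containsInjectedMarkup(renderResultsSafe(hostileQuery)),
    benignUnchanged: renderResultsSafe(benignQuery) === renderResultsVulnerable(benignQuery),
  };
}

console.log(demo());
```

The escaping is context-specific: the helper above is correct for HTML text and quoted attribute values, but a value placed inside a `<script>` block, a URL, or a CSS property needs a different encoder, which is why the deck recommends a sanitization library rather than hand-rolled replacements. For the DOM-based case, the equivalent rule on the client is to write URL- or DOM-derived data with `textContent` rather than `innerHTML`.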
FIN