XSS
A quick overview of cross site scripting
Mike Klemarewski
April 05, 2016
Programming
Transcript
XSS (Cross Site Scripting)
What is it?
• Text-based attack
• Exploits the browser's interpreter, allowing the attacker to run code on the target site
What can be done using XSS?
• Hijack user sessions
• Insert content
• Redirect users
• Hijack the user's browser using malware
Who can do these attacks?
• Anyone that can send data to the system
• Anyone that can craft a URL and put it in front of other people
Types of XSS
Stored
• User input is stored on the server and rendered to any user that visits the page
• E.g. user reviews, comments, profiles
Reflected
• User input is returned by the web application and rendered without being sanitized
• E.g. search results
DOM Based XSS
• The response doesn't contain the exploit payload
• Some client-side code reads the malicious data from the URL or DOM and executes it
Demo! Great resource from Google
Example attacks
• Samy MySpace Worm
• Spread through 1 million users in 20 hours
• StrongWebmail CEO email hacked
• XSS Worm Examples
Prevention
• Properly escape untrusted data
• Input validation can help, but isn't a full solution
• Use sanitization libraries
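The reflected "search results" case and the prevention bullets, as an added example that is not from the slides or the talk: a search page that echoes the query, once unescaped behind a blocklist validator that misses an event-handler payload, and once with output escaping. The function names (escapeHtml, naiveValidate, renderSearchVulnerable, renderSearchSafe, looksInjected) are assumed.

```javascript
// Added example, not code from the slides. Names escapeHtml, naiveValidate,
// renderSearchVulnerable, renderSearchSafe and looksInjected are assumed.

// Output escaping for HTML text and double-quoted attribute contexts: the
// five characters that can end a text node or attribute value become entities.
function escapeHtml(untrusted) {
  return String(untrusted)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// A blocklist "validator" of the kind the slides call insufficient: it
// rejects an obvious <script> tag but knows nothing about other markup.
function naiveValidate(query) {
  return !/<script/i.test(query);
}

// Reflected XSS: the search term is echoed back into the page unescaped,
// so anything the validator lets through is parsed as markup by the browser.
function renderSearchVulnerable(query) {
  if (!naiveValidate(query)) return '<p>Invalid search.</p>';
  return `<p>Results for: ${query}</p>`;
}

// Fixed: escape at the point of output, whatever validation did earlier.
function renderSearchSafe(query) {
  return `<p>Results for: ${escapeHtml(query)}</p>`;
}

// Check used by this example: the only angle brackets in the output should
// belong to the author's own <p> element; any other means injected markup.
function looksInjected(html) {
  return !/^<p>[^<>]*<\/p>$/.test(html);
}

// Constructed inputs: one benign query and two proof-of-concept strings.
const benign = 'coffee & "tea"';
const scriptTag = '<script>alert(1)</script>';       // blocked by naiveValidate
const eventHandler = '<img src=x onerror=alert(1)>'; // slips past it

for (const q of [benign, scriptTag, eventHandler]) {
  console.log('vulnerable:', renderSearchVulnerable(q), looksInjected(renderSearchVulnerable(q)));
  console.log('safe:      ', renderSearchSafe(q), looksInjected(renderSearchSafe(q)));
}
```

The validator stops the first payload but not the second, while escaping at output neutralizes both; that is the "input validation isn't a full solution" point in code.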
FIN