XSS
A quick overview of cross site scripting
Mike Klemarewski
April 05, 2016
Programming
Transcript
XSS (Cross Site Scripting)

What is it?
• Text based attack
• Exploits the browser's interpreter, allowing the attacker to run code on the target site

What can be done using XSS?
• Hijack user sessions
• Insert content
• Redirect users
• Hijack the user's browser using malware

Who can do these attacks?
• Anyone that can send data to the system
• Anyone that can craft a URL and put it in front of other people

Types of XSS

Stored
• User input is stored on the server and rendered to any user that visits the page
• E.g. user reviews, comments, profiles

Reflected
• User input is returned by the web application and rendered without being sanitized
• E.g. search results

DOM Based XSS
• The response doesn't contain the exploit payload
• Some client side code reads the malicious data from the URL or DOM and executes it

Demo! Great resource from Google

Example attacks
• Samy MySpace Worm: spread through 1 million users in 20 hours
• StrongWebmail CEO email hacked
• XSS Worm Examples

Prevention
• Properly escape untrusted data
• Input validation can help, but isn't a full solution
• Use sanitization libraries
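As an added example (not part of the deck), the escaping step from the Prevention slide applied to the two server-side shapes the deck describes, reflected search results and stored reviews, with the unsafe concatenation beside the encoded version. Function names and the sample review are assumptions; everything is plain strings so it runs without a browser.

```javascript
// Added example, not from the original deck. Output encoding for the
// HTML text and attribute-value contexts: the concrete form of
// "properly escape untrusted data". Names below are my own.

// The five characters that can change meaning inside HTML text or a
// quoted attribute value, mapped to character references.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
};

// Encode untrusted data so the browser treats it as text, not markup.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Reflected shape from the deck: the search term is echoed back in the
// response. Unsafe version: the term is concatenated into markup as-is,
// so any tag in the term becomes part of the page.
function renderSearchUnsafe(term) {
  return `<h1>Results for: ${term}</h1>`;
}

// Hardened version: identical markup, untrusted data encoded for the
// HTML text context before it is placed in the page.
function renderSearchSafe(term) {
  return `<h1>Results for: ${escapeHtml(term)}</h1>`;
}

// Stored shape: a review saved on the server and rendered to every
// visitor. Every untrusted field is encoded; the attribute value is
// also kept inside quotes so an encoded quote cannot close it early.
function renderReview(review) {
  return (
    `<div class="review" data-author="${escapeHtml(review.author)}">` +
    `<p>${escapeHtml(review.body)}</p></div>`
  );
}

// Constructed sample review whose fields contain markup and quotes.
const SAMPLE_REVIEW = {
  author: 'anon" data-x="y',
  body: '<b>nice</b> & cheap',
};
```

Validation of the search term (length, allowed characters) would reject some of these inputs earlier, but the encoding step is what makes the remaining ones inert, which is why the deck lists validation as a help rather than a full solution.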
FIN