Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
XSS
Search
Mike Klemarewski
April 05, 2016
Programming
0
68
XSS
A quick overview of cross site scripting
Mike Klemarewski
April 05, 2016
Tweet
Share
More Decks by Mike Klemarewski
See All by Mike Klemarewski
Redux Containers Demystified
mikeklemarewski
1
51
HTTPS
mikeklemarewski
1
53
Injection
mikeklemarewski
1
59
Handy Shell Commands
mikeklemarewski
2
71
Other Decks in Programming
See All in Programming
あのころの iPod を どうにか再生させたい
orumin
2
2.5k
新世界の理解
koriym
0
140
Honoアップデート 2025年夏
yusukebe
1
780
GitHub Copilotの全体像と活用のヒント AI駆動開発の最初の一歩
74th
8
2.9k
コーディングは技術者(エンジニア)の嗜みでして / Learning the System Development Mindset from Rock Lady
mackey0225
2
520
実践!App Intents対応
yuukiw00w
1
290
JetBrainsのAI機能の紹介 #jjug
yusuke
0
210
Understanding Ruby Grammar Through Conflicts
yui_knk
1
120
ライブ配信サービスの インフラのジレンマ -マルチクラウドに至ったワケ-
mirrativ
1
250
AI OCR API on Lambdaを Datadogで可視化してみた
nealle
0
110
自作OSでDOOMを動かしてみた
zakki0925224
1
1.4k
エンジニアのための”最低限いい感じ”デザイン入門
shunshobon
0
110
Featured
See All Featured
The Pragmatic Product Professional
lauravandoore
36
6.8k
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
4k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
283
13k
Embracing the Ebb and Flow
colly
86
4.8k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.8k
The Illustrated Children's Guide to Kubernetes
chrisshort
48
50k
Docker and Python
trallard
45
3.5k
GitHub's CSS Performance
jonrohan
1031
460k
Building Flexible Design Systems
yeseniaperezcruz
328
39k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
131
19k
The Cost Of JavaScript in 2023
addyosmani
53
8.8k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
333
22k
Transcript
XSS (Cross Site Scripting)
What is it? • Text based attack • Exploits the
browser's interpreter, allowing the attacker to run code on the target site
What can be done using XSS? • hijack user sessions
• insert content • redirect users • hijack the user’s browser using malware
Who can do these attacks? • Anyone that can send
data to the system • Anyone that can craft a url and put it in front of other people
Types of XSS
Stored • User input is stored on the server and
rendered to any user that visits the page • Eg. User reviews, comments, profiles
Reflected • User input is returned by the web application
and rendered without being sanitized • Eg. Search results
DOM Based XSS • The response doesn't contain the exploit
payload • Some client side code reads the malicious data from the URL or DOM and executes it
Demo! Great resource from Google
Example attacks • Samy MySpace Worm • Spread through 1
million users in 20 hours • StrongWebmail CEO email hacked • XSS Worm Examples
Prevention • Properly escape untrusted data • Input validation can
help, but isn't a full solution • Use sanitization libraries
FIN
mikeklemarewski
orumin
koriym
yusukebe
74th
mackey0225
yuukiw00w
yusuke
yui_knk
mirrativ
nealle
zakki0925224
shunshobon
lauravandoore
kastner
stephaniewalter
colly
danielanewman
chrisshort
trallard
jonrohan
yeseniaperezcruz
morganepeng
addyosmani
caitiem20
