Mike Klemarewski
April 05, 2016
Programming
XSS
A quick overview of cross site scripting
Transcript
XSS (Cross Site Scripting)

What is it?
• Text-based attack
• Exploits the browser's interpreter, allowing the attacker to run code on the target site

What can be done using XSS?
• Hijack user sessions
• Insert content
• Redirect users
• Hijack the user's browser using malware

Who can do these attacks?
• Anyone that can send data to the system
• Anyone that can craft a URL and put it in front of other people

Types of XSS

Stored
• User input is stored on the server and rendered to any user that visits the page
• E.g. user reviews, comments, profiles

Reflected
• User input is returned by the web application and rendered without being sanitized
• E.g. search results

DOM Based XSS
• The response doesn't contain the exploit payload
• Some client-side code reads the malicious data from the URL or DOM and executes it

Demo! Great resource from Google

Example attacks
• Samy MySpace Worm
• Spread through 1 million users in 20 hours
• StrongWebmail CEO email hacked
• XSS Worm Examples

Prevention
• Properly escape untrusted data
• Input validation can help, but isn't a full solution
• Use sanitization libraries
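The "Reflected" slide and the "Prevention" slide above describe the same problem from both sides: a search term echoed into the page unchanged, and output escaping as the fix. The following is an added example (not part of the original deck) showing a reflected search-results template in its vulnerable and hardened forms, plus a small check that tells the two apart. The function names, the template, and the constructed input string are all assumptions made for this illustration.

```javascript
// Added example, not from the original deck: output escaping for untrusted data
// inserted into an HTML text or attribute context.

// Characters that carry meaning in HTML text and quoted-attribute contexts, and
// their entity replacements.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
};

// Escape untrusted data so the browser treats it as literal text, never as markup.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable (reflected XSS): the search term is echoed into the page as-is,
// so any tags it contains are parsed by the browser as markup.
function renderSearchUnsafe(term) {
  return `<p>Results for: ${term}</p>`;
}

// Hardened: the same template, with the term escaped for the HTML text context
// it is placed in. Escaping happens at output time, regardless of any input
// validation done earlier.
function renderSearchSafe(term) {
  return `<p>Results for: ${escapeHtml(term)}</p>`;
}

// Detection helper for this example: strip the template's own <p>...</p> wrapper
// and report whether any other tag survived in the rendered markup.
function containsInjectedTag(html) {
  const body = html.replace(/^<p>/, '').replace(/<\/p>$/, '');
  return /<\/?[a-zA-Z]/.test(body);
}

// Constructed sample input (hypothetical): a search term that breaks out of the
// text and carries an inline script tag.
const constructedInput = 'shoes"><script>/* injected */</script>';

// Returns both renderings side by side so a reader can compare them.
function demo(term = constructedInput) {
  return {
    unsafe: renderSearchUnsafe(term),
    safe: renderSearchSafe(term),
    unsafeHasInjectedTag: containsInjectedTag(renderSearchUnsafe(term)),
    safeHasInjectedTag: containsInjectedTag(renderSearchSafe(term)),
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(demo());
}
```

The same rule applies to the DOM Based XSS slide: when client-side code reads data from the URL or the DOM, writing it to the page through a text sink such as `textContent` keeps it literal, whereas `innerHTML` re-parses it as markup. Escaping is context-specific; the table above covers HTML text and quoted attribute values, and data placed inside a URL, a JavaScript string, or CSS needs the encoding for that context instead.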
FIN