XSS-presentation

Cross-Site Scripting
Neeraj Agrawal, Nick Kain
Overview of the Sin
- Found in web-based applications.
- Allows code injection by a malicious user into web pages used by others.
- Can allow a malicious user to access sensitive data from other users via the malicious script.

Affected Languages
- PHP
- ASP
- C#
- Perl
- CGI
- Any language or technology used to build a web site.

3 Types of XSS Attack
DOM-based or Local XSS
- Mallory sends Alice a URL of a maliciously constructed web page.
- Alice clicks on the link.
- The malicious page’s JavaScript opens a vulnerable HTML page installed locally on Alice’s computer.
- The web page contains JavaScript that is executed on Alice’s computer.
- Mallory’s malicious script may now run commands on Alice’s computer.

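The root cause named in the overview, untrusted input ending up as code in a page, shown as an added example that is not part of the original slides: a page script builds markup from a URL parameter, first by plain concatenation and then with HTML encoding. The function names, the bob.example URLs and the greeting template are constructed for illustration.

```javascript
// Added example; all names, URLs and the template below are constructed.

// Read one query parameter, as a page script reading location.search would.
function readParam(url, name) {
  return new URL(url).searchParams.get(name) ?? '';
}

// Vulnerable pattern: untrusted text is concatenated into markup that is
// then handed to an HTML sink (innerHTML or document.write in a browser).
function renderUnsafe(url) {
  return '<p>Hello, ' + readParam(url, 'name') + '</p>';
}

// Encode the characters that are significant in HTML text and in quoted
// attribute values, so the browser treats the input as data.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened pattern: same template, input encoded for the HTML text context.
function renderSafe(url) {
  return '<p>Hello, ' + escapeHtml(readParam(url, 'name')) + '</p>';
}

// Defender's check: the template contributes exactly two tags (<p>, </p>).
// A higher count means input was parsed as markup instead of text.
function tagCount(html) {
  return (html.match(/<\/?[a-zA-Z][^>]*>/g) || []).length;
}

// Constructed sample inputs: a normal link and one carrying markup.
const benign = 'https://bob.example/welcome?name=Alice';
const crafted = 'https://bob.example/welcome?name=' +
  encodeURIComponent('<script>alert(1)</script>');

for (const url of [benign, crafted]) {
  console.log('unsafe tags:', tagCount(renderUnsafe(url)),
              '| safe tags:', tagCount(renderSafe(url)));
  console.log('  safe output:', renderSafe(url));
}
```

In a browser, assigning the value through `textContent` rather than an HTML sink avoids the need for manual encoding in this context.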
3 Types of XSS Attacks (continued)
Non-persistent or reflective (most common type)
- Alice frequently visits a web site hosted by Bob.
- Bob’s site allows her to log in with a username and password and