We’ll share how applications get hacked and why application security matters. The demonstration walks through a web attack that uses Cross-Site Scripting (XSS).
What is Cross-Site Scripting (XSS):
• Cross-Site Scripting (XSS) is one of the top web application security risks—it’s the top risk in the OWASP Top 10 (2017).
• Cross-Site Scripting (XSS) can be introduced when untrusted, un-sanitized user input is executed as part of the HTML, or when users can be influenced to interact with malicious links.
Examples: familiar code constructs from languages such as JavaScript or Flash are accepted from untrusted sources or stored for later display by another user agent.
Tips for stopping Cross-Site Scripting (XSS) attacks:
Preventing XSS requires separation of untrusted data from active browser content. You can do this by:
• Understanding the limitations of frameworks that automatically escape Cross-Site Scripting (XSS)
• Escaping untrusted HTTP request data and enabling Content Security Policy (CSP)
• Applying context-sensitive encoding when modifying the browser document
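The three tips above, as an added JavaScript example that is not code from the video or from Fortify: the same page fragment rendered first by raw concatenation and then with an encoder chosen per context, plus a CSP that refuses inline scripts. The function names, the CSP value and the sample input are this example's own.

```javascript
// Added example (not from the Fortify video): one reflected page fragment
// rendered unsafely and safely, to show why context-sensitive output
// encoding matters. All names below are this example's own.

// Encoder for untrusted data placed in HTML text content.
function escapeHtmlText(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Encoder for untrusted data placed inside a quoted HTML attribute value.
// Quotes must be neutralised too, otherwise the value can close the attribute
// and add new ones (for example an event-handler attribute).
function escapeHtmlAttribute(value) {
  return escapeHtmlText(value)
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#x27;");
}

// Vulnerable: a request parameter is concatenated straight into the document,
// so any markup it carries becomes part of the HTML the browser executes.
function renderGreetingUnsafe(name) {
  return `<div title="${name}">Hello, ${name}!</div>`;
}

// Hardened: each insertion point uses the encoder for its own context
// (attribute value vs. text node), which is what "context-sensitive" means.
function renderGreetingSafe(name) {
  return `<div title="${escapeHtmlAttribute(name)}">Hello, ${escapeHtmlText(name)}!</div>`;
}

// A Content-Security-Policy header value (constructed) that blocks inline
// script, so an encoding slip alone does not let an injected block run.
const CSP_HEADER = "default-src 'self'; script-src 'self'; object-src 'none'";

// Constructed sample input, as it might arrive in ?name=... ; it tries to
// break out of the title attribute and open a script element.
const SAMPLE_INPUT = '"><script>alert(1)</script>';

// Simple detection helper for the demonstration: is a live <script> tag
// present in the rendered output?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}
```

Framework auto-escaping usually covers only the text-node case; attribute, URL and JavaScript contexts still need their own encoders, which is the limitation the first tip refers to.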
LEARN MORE about Fortify: https://software.microfocus.com/en-us...
LEARN MORE about how Micro Focus was named a leader in the 2019 Gartner MQ for Application Security Testing: https://software.microfocus.com/en-us...
SUBSCRIBE TO FORTIFY UNPLUGGED: / @fortifyunplugged