4.2 Cross-Site Scripting (XSS)

Topics

Cross-Site Scripting (XSS)

Cross-Site Scripting (XSS) constitutes a client-side web vulnerability enabling attackers to embed malicious scripts into web pages.

This vulnerability often arises from inadequate input sanitization/validation within web applications.

Attackers exploit XSS vulnerabilities to insert harmful code into web applications. Given that XSS is a client-side vulnerability, these scripts execute within the victim's browser.

XSS vulnerabilities impact web applications deficient in input validation and reliant on client-side scripting languages such as JavaScript, Flash, CSS, etc.

Web Basics

14 - Hacking Web Apps

Practise

πŸ”¬ There are many vulnerable testing web apps like:

DVWA

The Damn Vulnerable Web Application (DVWA) is a web application built with PHP and MySQL intentionally designed to be susceptible to security vulnerabilities. Its primary purpose is to serve as a resource for security professionals to assess their skills and tools within a legal context. Additionally, it aids web developers in gaining a deeper understanding of the processes involved in securing web applications and facilitates learning about web application security for both students and teachers in a controlled classroom setting.

DVWA is designed to provide a platform for practicing various common web vulnerabilities at different difficulty levels, all presented through a simple and user-friendly interface. It's important to note that there are deliberate both documented and undocumented vulnerabilities within the software, encouraging users to explore and identify as many issues as possible.

DVWA

DVWA - My Writeups

DVWA

Theory and Lab platform

Web Burp Suite Security Academy

❗ Disclaimer