XSS

Another prevalent type of attack that I still encounter out in the field very frequently is XSS. XSS comes in a few flavors, but they all provide attackers with the same thing: arbitrary JavaScript code execution in the client's browser.

While this may not sound as great as executing code on the actual application server, XSS attacks can be devastating when used in targeted attacks.

Reflected XSS

The more common type of XSS vulnerability is the reflected or non-persistent kind. A reflected XSS attack happens when the application accepts input from the user, either via parameters in the URL, body, or HTTP headers, and it returns it back to the user without sanitizing it first. This type of attack is referred to as non-persistent because once the ...

Get Becoming the Hacker now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Becoming the Hacker by Adrian Pruteanu

XSS

Reflected XSS

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly