April 2011
Intermediate to advanced
500 pages
16h 12m
English
Content preview from Developer's Guide to Web Application Security
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Web-Based E-Mail Attacks
The most serious consequence of JavaScript comes when using a Web-based mail
service. Executing JavaScript when the user opens a Web-based e-mail message
allows the JavaScript code to essentially take over what is displayed on the screen.
This could completely fool users into thinking they were working in the normal
Hotmail system, when in fact, everything they were doing was being monitored and
perhaps sent back to a server on the Internet.
Let’s look at an example. Imagine you open a message with embedded JavaScript
on a Web-based e-mail service.The code in the e-mail could easily display a fake
login screen to make you think ...