XSS targeting and the delivery
As dire a threat as XSS presents to a web application and its users, it is shockingly easy to implement. Delivered in most cases through a browser or e-mail, all the attacker needs is a working knowledge of HTML and JavaScript and a target web server susceptible to this form of attack. Using these skills, the hacker can choose how big a net they are willing to cast. We must be wary of all forms of injection attacks, XSS included, as they can all wreak havoc on an application long before incident response can begin to remediate these issues.
With stored XSS, hackers cast a big net and impact a large number of users with their malicious script. This is wonderful if the potential users of the application are predominantly ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access