The low-down on XSS types
XSS attacks are both common and dire; in the right places, they can be used to deliver malicious scripts, funnel traffic to an alternative redirect, or implant faulty data. Efforts to categorize them have added to the confusion for some of us. The earliest categorization focused on its persistence (or lack thereof), but over time, the industry has focused on the affected host: a web server or browsing client. OWASP has done a great job of redefining these types to help us (pen testers) choose the best detection methods and exploitation tools for each. The common thread that ties them together is that they all involve user input being relayed by a server without proper validation, and these attacks always execute ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access