Cross-Site Scripting
Cross-Site Scripting (XSS), is exploited when the attacker can successfully execute any type of script (for example, JavaScript) on the victim's browser. These types of flaws exist because the developer did not validate the request or correctly encoded the response of the application. JavaScript is not the only script language used for XSS but it is the most common (in fact it's my favorite); attackers sometimes use scripting languages such as VBScript, ActiveX, Flash, and many more.
XSS is very popular and I encounter it every day while testing web applications. Every time I see a message displayed on the page that reflects a user input or behavior, then most probably it is vulnerable to XSS. But don't worry, with experience ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access