December 2010
Intermediate to advanced
363 pages
12h 21m
English
book
Pro PHP Security: From Application Security Principles to the Implementation of XSS Defenses, Second Edition
by Chris Snyder, Michael Southwell, Thomas Myer
Content preview from Pro PHP Security: From Application Security Principles to the Implementation of XSS Defenses, Second EditionBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
How XSS Works
Cross-site scripting attacks typically involve more than one website (which makes them cross-site), and they involve some sort of scripting. A basic primer on XSS can be found at http://www.cgisecurity.com/articles/xss-faq.shtml. The CERT Coordination Center at Carnegie Mellon University is generally considered the authority on XSS. Their advisory at http://www.cert.org/advisories/CA-2000-02.html is 10 years old as of this writing, but no less relevant to today's applications. In this section, we will introduce you to some of the many forms of XSS.
Scripting
When we said earlier that XSS involves “some sort of scripting,” we were not talking about PHP scripts, because of course those scripts are run on the server and generate the ...