XSS

What is Cross-Site Scripting (XSS)?

Cross-Site Scripting (XSS) is a type of security vulnerability typically found in web applications. It occurs when an attacker can inject malicious scripts into content that is then delivered to other users. These scripts are executed in the context of the victim's browser, allowing attackers to steal data, manipulate the appearance of web pages, or perform actions on behalf of the user.

Types of XSS

XSS vulnerabilities are generally categorized into three types:

- Stored XSS (Persistent XSS)
- Reflected XSS (Non-Persistent XSS)
- DOM-based XSS

1. Stored XSS (Persistent XSS)

Description: Stored XSS occurs when malicious input from an attacker is permanently stored on the target server, such as in a database, message forum, visitor log, or comment field. The victim retrieves and executes the malicious script when accessing the stored data.

Impact: High, because the malicious script is executed every time any user views the infected page.

Mitigation:
- Properly escape or sanitize user input before storing it.
- Use Content Security Policy (CSP) to restrict the sources from which scripts can be executed.
- Encode output before displaying it in the browser.

2. Reflected XSS (Non-Persistent XSS)

Description: Reflected XSS occurs when user input is immediately reflected in the web response without being stored. The attack is typically delivered via a malicious link crafted by the attacker.

Example: An attacker crafts a URL with a malicious script.

Impact: Moderate, as the attack requires social engineering to trick the victim into clicking the malicious link.

Mitigation:
- Sanitize and validate user inputs.
- Encode output before reflecting it in the web page.
- Use anti-XSS libraries or frameworks.
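
The output-encoding and CSP mitigations listed for stored and reflected XSS, as an added example that is not part of the original page: a server-side render function with the vulnerable concatenation beside a hardened version. The function names, page template, CSP value and sample query are constructed for illustration.

```javascript
// Constructed sample input containing markup characters (not from the page).
const SAMPLE_QUERY = '"><script>alert(1)</script>';

// Encode the characters that can change meaning in HTML text
// and in quoted attribute values.
function encodeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// VULNERABLE: user input is concatenated into the response unchanged,
// so markup in the query becomes markup in the page.
function renderSearchUnsafe(query) {
  return `<p>Results for: ${query}</p>` +
         `<a href="/search?q=${query}">Permalink</a>`;
}

// HARDENED: each sink gets the encoding its context needs.
function renderSearchSafe(query) {
  // HTML text context: entity-encode.
  const text = encodeHtml(query);
  // URL query parameter inside an attribute: percent-encode the value,
  // then entity-encode the whole attribute value.
  const href = encodeHtml('/search?q=' + encodeURIComponent(query));
  return `<p>Results for: ${text}</p>` +
         `<a href="${href}">Permalink</a>`;
}

// Second layer: a CSP that only allows scripts from the site's own origin,
// so an inline script that slips through encoding is still not executed.
function securityHeaders() {
  return {
    'Content-Type': 'text/html; charset=utf-8',
    'Content-Security-Policy':
      "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'",
  };
}

// Regression check: the template itself contains exactly four '<'
// (<p>, </p>, <a>, </a>); any more means input was rendered as markup.
function tagOpenCount(html) {
  return (html.match(/</g) || []).length;
}

console.log(renderSearchSafe(SAMPLE_QUERY));
console.log('unsafe "<" count:', tagOpenCount(renderSearchUnsafe(SAMPLE_QUERY)));
console.log('safe   "<" count:', tagOpenCount(renderSearchSafe(SAMPLE_QUERY)));
```

The same `encodeHtml` step applies when rendering stored content such as comments: encode at output time for the context the value lands in, whatever was done when it was stored.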

3. DOM-based XSS

Description: DOM-based XSS occurs when the vulnerability exists in the client-side code rather than the server-side. The malicious payload is executed as a result of modifying the DOM environment in the browser.

Example: An attacker crafts a URL with a malicious script:

Impact: Varies, depending on the application and the nature of the script executed.

Mitigation:
- Sanitize and validate user inputs on the client-side.
- Use safe JavaScript functions and libraries for DOM manipulation.