XSS: Demonstration and Prevention (5:36) with Jared Smith
In the last video, we explored how XSS works in theory. Now, let’s look at XSS in action and learn how to prevent it.
- Content Security Policy: a standard for declaring, via specific HTTP response headers, which resources a web app is allowed to load and execute (and from which domains they may be loaded).
OWASP XSS Prevention cheat sheet
Ngrok - A free service that lets you expose a locally running web server through a unique, registered domain name in a matter of seconds.
Content Security Policy overview: Developer Tools
Content Security Policy overview: OWASP Documentation
Content Security Policy Node.js Library (and other security headers)