XSS: How It Works
4:31 with Jared Smith
XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation or escaping. XSS allows attackers to execute scripts in the victim's browser, which can access any cookies, session tokens, or other sensitive information retained by the browser, or redirect the user to malicious sites.
- XSS: Cross-Site Scripting, or XSS, occurs when a web application takes untrusted data and sends it to a web browser without proper validation or escaping.
- Stored XSS: XSS that can persist in an application and be run on a user’s page after being loaded from a database, server-side endpoint, or local browser storage.
- Reflected XSS: XSS that can be injected by an attacker and is returned in an immediate HTTP response to the targeted user.
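
As an added example (not part of the course materials), the JavaScript below renders the reflected and stored cases defined above, first without escaping and then with it. The function names and sample inputs are constructed for illustration, and the escaping shown covers HTML text and quoted attribute values only.

```javascript
// Added example: all names and sample data here are hypothetical.

// Escape the five characters that are significant in HTML text
// and in quoted attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Reflected case: a request value echoed in the immediate HTTP response.
function renderSearchPageUnsafe(query) {
  return `<p>Results for: ${query}</p>`; // untrusted data, no escaping
}
function renderSearchPage(query) {
  return `<p>Results for: ${escapeHtml(query)}</p>`;
}

// Stored case: values loaded from a database and rendered for every viewer.
function renderCommentsUnsafe(comments) {
  const items = comments.map((c) => `<li title="${c.author}">${c.body}</li>`);
  return `<ul>${items.join('')}</ul>`;
}
function renderComments(comments) {
  const items = comments.map(
    (c) => `<li title="${escapeHtml(c.author)}">${escapeHtml(c.body)}</li>`
  );
  return `<ul>${items.join('')}</ul>`;
}

// Constructed sample input standing in for a query string and stored rows.
const sampleQuery = '<script>alert(1)</script>';
const sampleComments = [
  { author: 'alice', body: 'Nice post & thanks' },
  { author: 'x" onmouseover="alert(1)', body: '<script>alert(1)</script>' },
];

console.log('reflected, unescaped:', renderSearchPageUnsafe(sampleQuery));
console.log('reflected, escaped:  ', renderSearchPage(sampleQuery));
console.log('stored, unescaped:   ', renderCommentsUnsafe(sampleComments));
console.log('stored, escaped:     ', renderComments(sampleComments));
```

In the unescaped output the browser would parse the injected tag and attribute as markup; in the escaped output the same bytes are displayed as text.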