Reading 36 - Foodisthebest/401-Reading-Notes GitHub Wiki

Readings: XSS with w3af, DVWA

Below you will find reading materials and additional resources that support today’s topic and the upcoming lecture.

Review the Submission Instructions for guidance on completing and submitting this assignment.

Reading

Cross-site scripting

Explain how a cross-site scripting attack works in non-technical terms.

  • Cross-site scripting is a weakness in a website with weak security that allows an attacker to compromise the interactions users have with that site. It allows attackers to get around the "same-origin policy", which is meant to segregate different websites from each other.

What are the three types of XSS attacks?

If an attacker successfully exploits an XSS vulnerability, what malicious actions would they be able to perform?

What are some security controls that can be implemented to prevent XSS attacks?

Bookmark and Review

Security Report for In-Production Web Applications