Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cross Site Scripting and its Issues By Odion Oisamoje.

Published byHenry Manning Modified over 9 years ago

Similar presentations

Presentation on theme: "Cross Site Scripting and its Issues By Odion Oisamoje."— Presentation transcript:

1 Cross Site Scripting and its Issues By Odion Oisamoje

2 What is XSS Is a vulnerability that enables an attacker lure a computer user to download malicious JavaScript code from a trusted site.

3 Types of XSS 0 Persistent  Attack is stored on the website’s server.  Do not have to go through a link 0 Non-persistent  Most common  User has to go through a special link to be exposed  Code does not get stored on the server

4 Types of XSS cont. Figure 1: A typical reflected or non-persistent cross site scripting scenario

5 Type of XSS Cont. 0 DOM-based  An emerging area  Attacker code does not have to pass though the server to affect the visitor

6 How it Works 0 http://www.youtube.com/watch?v=r79ozjCL7DA http://www.youtube.com/watch?v=r79ozjCL7DA

7 Famous Attack 0 “In 2005, a MySpace user named Samy discovered a unique way to expand hi buddy list. Within 24 hours, the number of friends in his page grew from 73 to more than 1 million. He achieved this instant popularity by creating the first self-propagating cross- site scripting (XSS) worm and by exploiting the lax security in many Web browsers” (Monthie, 2008).

8 Prevention – Detection – Response 0 Reduce Impact 0 Sanitize input 0 Work back to the source  Input sanitation and validation on JavaScript code 0 Be proactive

9 References 0 Monthie, B. (2008). What, who, when, where, why, how of XSS. Network World, 25(28), 26. Retrieved from EBSCOhost. 0 Cross-site Scripting (XSS). (2010, October 10). Retrieved April 15, 2011, from The Open Web Application Security Project (OWASP): https://www.owasp.org

10 Q & A

Download ppt "Cross Site Scripting and its Issues By Odion Oisamoje."

Similar presentations

Nick Feamster CS 6262 Spring 2009

Nick Feamster CS 6262 Spring 2009
Preventing Web Application Injections with Complementary Character Coding Raymond Mui Phyllis Frankl Polytechnic Institute of NYU Presented at ESORICS.

Preventing Web Application Injections with Complementary Character Coding Raymond Mui Phyllis Frankl Polytechnic Institute of NYU Presented at ESORICS.
Cross Site Scripting (XSS)

Cross Site Scripting (XSS)
What is code injection? Code injection is the exploitation of a computer bug that is caused by processing invalid data. Code injection can be used by.

What is code injection? Code injection is the exploitation of a computer bug that is caused by processing invalid data. Code injection can be used by.
Path Cutter: Severing the Self-Propagation Path of XSS JavaScript Worms in Social Web Networks Yinzhi Cao, Vinod Yegneswaran, Phillip Porras, and Yan Chen.

Path Cutter: Severing the Self-Propagation Path of XSS JavaScript Worms in Social Web Networks Yinzhi Cao, Vinod Yegneswaran, Phillip Porras, and Yan Chen.
Web Trust Boundaries and Security Vulnerabilities Haris Volos and Hidayat Teonadi CS739 – Distributed Systems.

Web Trust Boundaries and Security Vulnerabilities Haris Volos and Hidayat Teonadi CS739 – Distributed Systems.
©2009 Justin C. Klein Keane PHP Code Auditing Session 5 XSS & XSRF Justin C. Klein Keane

©2009 Justin C. Klein Keane PHP Code Auditing Session 5 XSS & XSRF Justin C. Klein Keane
Cross Site Scripting & SQL injection

Cross Site Scripting & SQL injection
1 MTvScan (Malware, Trojan, Viruses Scanner) Enterprise Class Security Scanner.

1 MTvScan (Malware, Trojan, Viruses Scanner) Enterprise Class Security Scanner.
EECS 354 Network Security Cross Site Scripting (XSS)

EECS 354 Network Security Cross Site Scripting (XSS)
Team Members: Brad Stancel,

Team Members: Brad Stancel,
Ben Livshits and Weidong Cui Microsoft Research Redmond, WA.

Ben Livshits and Weidong Cui Microsoft Research Redmond, WA.
Web 2.0 security Kushal Karanjkar Under guidance of Prof. Richard Sinn.

Web 2.0 security Kushal Karanjkar Under guidance of Prof. Richard Sinn.
Web Audit Vulnerability cross-site scripting (XSS) concerns by Ron Widitz.

Web Audit Vulnerability cross-site scripting (XSS) concerns by Ron Widitz.
Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.

Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.
Introduction to the OWASP Top 10. Cross Site Scripting (XSS)  Comes in several flavors:  Stored  Reflective  DOM-Based.

Introduction to the OWASP Top 10. Cross Site Scripting (XSS)  Comes in several flavors:  Stored  Reflective  DOM-Based.
March Intensive: XSS Exploits

March Intensive: XSS Exploits
Lecture 16 Page 1 CS 236 Online Cross-Site Scripting XSS Many sites allow users to upload information –Blogs, photo sharing, Facebook, etc. –Which gets.

Lecture 16 Page 1 CS 236 Online Cross-Site Scripting XSS Many sites allow users to upload information –Blogs, photo sharing, Facebook, etc. –Which gets.
CROSS SITE SCRIPTING..! (XSS). Overview What is XSS? Types of XSS Real world Example Impact of XSS How to protect against XSS?

CROSS SITE SCRIPTING..! (XSS). Overview What is XSS? Types of XSS Real world Example Impact of XSS How to protect against XSS?
Injection Attacks by Example SQL Injection and XSS Adam Forsythe Thomas Hollingsworth.

Injection Attacks by Example SQL Injection and XSS Adam Forsythe Thomas Hollingsworth.

Similar presentations

Ads by Google