XSS

Explore our comprehensive article on XSS Attacks; understand the impact, prevention strategies, and the latest trends. Stay informed, secure your digital space against XSS Attacks.

Last updated 1 year ago

Cross-Site Scripting (XSS) is a class of security vulnerability typically found in web applications. XSS enables attackers to inject malicious scripts into content that other users see and interact with.

The goal of such attacks is usually to steal session cookies or other sensitive information from victims, impersonate users, or manipulate the victim's experience on a website to serve the attacker's purpose.

Categories of XSS Attacks

  1. Stored XSS: The malicious script is permanently stored on the target server, such as in a database, and is then presented to end users within the web app.

  2. Reflected XSS: The script is included in a request made to the server and then reflected back in such a way that the script is executed in the user's browser.

  3. DOM-based XSS: The attack occurs within the victim’s browser without involving the web server, typically by manipulating the browser's DOM with client-side scripts.

Defensive Measures

  • Sanitize user input by filtering out or encoding special characters such as <, >, and & before it is rendered into a page.

  • Use Content Security Policy (CSP) headers to restrict the sources from which scripts can be executed.

  • Employ security-aware coding practices, library functions, and frameworks that automatically handle some aspects of security.
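The encoding defence from the list above, placed beside the reflected-XSS pattern from the categories section, as an added example (not code from the original page or its author). It shows a deliberately vulnerable template that copies a search term into HTML, the same template with output encoding, a rough unit-test detector, and a Content-Security-Policy value that only permits same-origin or nonce-carrying scripts. All function names, the sample search term and the nonce are constructed for illustration; the CSP directives are standard CSP keywords.

```javascript
// Added example (not from the original page): server-side HTML encoding and a
// CSP header, shown against a deliberately vulnerable "reflected" render.
// Function names, the sample term and the nonce are illustrative assumptions.

// Encode the five characters that let attacker-controlled text break out of
// an HTML text node or a quoted attribute value. '&' must be replaced first
// so the entities produced by the later replacements are not re-encoded.
function escapeHtml(input) {
  return String(input)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#x27;');
}

// Vulnerable: the search term from the request is copied straight into the
// response body, which is the reflected XSS pattern described above.
function renderSearchVulnerable(term) {
  return `<p>Results for: ${term}</p>`;
}

// Hardened: the same template, but the untrusted value is encoded on output.
function renderSearchSafe(term) {
  return `<p>Results for: ${escapeHtml(term)}</p>`;
}

// Rough detector for use in unit tests: does the rendered HTML still contain
// a script tag or an inline event-handler attribute? This is a test helper,
// not an input filter; the defence is the encoding, not this check.
function containsScriptMarkup(html) {
  return /<script\b/i.test(html) || /<[^>]+\son\w+\s*=/i.test(html);
}

// Build a Content-Security-Policy value so that injected inline scripts do not
// run even where encoding is missed: scripts must come from the same origin or
// carry the per-response nonce the server also stamps on its own <script> tags.
function buildCsp(nonce) {
  if (!/^[A-Za-z0-9+/=]{16,}$/.test(nonce)) {
    throw new Error('nonce must be a base64 string of at least 16 characters');
  }
  return [
    "default-src 'self'",
    `script-src 'self' 'nonce-${nonce}'`,
    "object-src 'none'",
    "base-uri 'self'",
  ].join('; ');
}

// Constructed sample input: the probe string a tester would submit as the
// search term, and a constructed nonce value.
const SAMPLE_TERM = '<script>alert(document.cookie)</script>';
const SAMPLE_NONCE = 'c2FtcGxlLW5vbmNlLXZhbHVl';

console.log('vulnerable:', renderSearchVulnerable(SAMPLE_TERM));
console.log('safe:      ', renderSearchSafe(SAMPLE_TERM));
console.log('csp:       ', buildCsp(SAMPLE_NONCE));
```

The nonce must be freshly generated per response (for example from `crypto.randomBytes`) and echoed in the `nonce` attribute of the application's own script tags; reusing one nonce defeats the purpose. For DOM-based XSS the same rule applies on the client: write untrusted data with `textContent` or `setAttribute`, not `innerHTML`.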

It's important for developers to remain vigilant and consistently apply security updates to mitigate XSS vulnerabilities. Regular security audits and code reviews can help detect potential XSS vulnerabilities.

OWASP XSS Filter Evasion Cheat Sheet: https://owasp.org/www-community/xss-filter-evasion-cheatsheet