Cross-Site Scripting (XSS) Web Attack (Demo for AppSec)





The interactive transcript could not be loaded.


Rating is available when the video has been rented.
This feature is not available right now. Please try again later.
Published on May 3, 2019

We’ll share how we can hack applications and why application security is important. The demonstration shows a web attack using Cross-Site Scripting (XSS).

What is Cross-Site Scripting (XSS):
• Cross-Site Scripting (XSS) is one of the top web application security risks—it’s the top risk in the OWASP Top 10 (2017).
• Cross-Site Scripting (XSS) can be introduced when untrusted, un-sanitized user input is executed as part of the HTML, or when users can be influenced to interact with malicious links.

Examples: familiar code constructs from languages such as JavaScript or Flash are accepted from untrusted sources or stored for later display by another user agent.

Tips for stopping Cross-Site Scripting (XSS attack):
Preventing XSS requires separation of untrusted data from active browser content. You can do this by:
• Understanding the limitations of frameworks that automatically escape Cross-Site Scripting (XSS)
• Escaping untrusted HTTP request data and enabling Content Secure Policy (CSP)
• Applying context-sensitive encoding when modifying the browser document

LEARN MORE about Fortify: https://software.microfocus.com/en-us...

LEARN MORE about how Micro Focus was named a leader in the 2019 Gartner MQ for Application Security Testing: https://software.microfocus.com/en-us...

SUBSCRIBE TO FORTIFY UNPLUGGED: https://www.youtube.com/channel/UCUDK...


When autoplay is enabled, a suggested video will automatically play next.

Up next

to add this to Watch Later

Add to

Loading playlists...