Cross-Site Scripting Explained with Examples and How to Prevent XSS with Content Security Policy
In this video, I discuss XSS Cross-Site scripting attacks and how to prevent them.
0:00 Intro
2:40 XSS Stored Attacks
The injected script is stored permanently on the target servers. The victim then retrieves this malicious script from the server when the browser sends a request for data.
4:50 Reflected XSS Attacks
When a user is tricked into clicking a malicious link, submitting a specially crafted form, or browsing to a malicious site, the injected code travels to the vulnerable website. The Web server reflects the injected script back to the user's browser, such as in an error message, search result, or any other response that includes data sent to the server as part of the request. The browser executes the code because it assumes the response is from a "trusted" server which the user has already interacted with.
8:00 Source Code Explained
9:50 Prevent XSS Attacks with CSP
16:00 Prevent all scripts with CSP
Source Code
https://github.com/hnasr/javascript_playground/tree/master/xss
🏭 Backend Engineering Videos
https://www.youtube.com/playlist?list=PLQnljOFTspQUNnO4p00ua_C5mKTfldiYT
💾 Database Engineering Videos
https://www.youtube.com/playlist?list=PLQnljOFTspQXjD0HOzN7P2tgzu7scWpl2
🛰 Network Engineering Videos
https://www.youtube.com/playlist?list=PLQnljOFTspQUBSgBXilKhRMJ1ACqr7pTr
🏰 Load Balancing and Proxies Videos
https://www.youtube.com/playlist?list=PLQnljOFTspQVMeBmWI2AhxULWEeo7AaMC
🐘 Postgres Videos
https://www.youtube.com/playlist?list=PLQnljOFTspQWGrOqslniFlRcwxyY94cjj
🚢Docker
https://www.youtube.com/playlist?list=PLQnljOFTspQWsD-rakNw1C20c1JI8UR1r
🧮 Programming Pattern Videos
https://www.youtube.com/playlist?list=PLQnljOFTspQV1emqxKbcP5esAf4zpqWpe
🛡 Web Security Videos
https://www.youtube.com/playlist?list=PLQnljOFTspQU3YDMRSMvzflh_qXoz9zfv
🦠 HTTP Videos
https://www.youtube.com/playlist?list=PLQnljOFTspQU6zO0drAYHFtkkyfNJw1IO
🐍 Python Videos
https://www.youtube.com/playlist?list=PLQnljOFTspQU_M83ARz8mDdr4LThzkBKX
🔆 Javascript Videos
https://www.youtube.com/playlist?list=PLQnljOFTspQWab0g3W6ZaDM6_Buh20EWM
👾Discord Server https://discord.gg/CsFbFce
Become a Member
https://www.youtube.com/channel/UC_ML5xP23TOWKUcc-oAE_Eg/join
Support me on PayPal
https://bit.ly/33ENps4
Become a Patreon
https://www.patreon.com/join/hnasr?
Stay Awesome,
Hussein
Видео Cross-Site Scripting Explained with Examples and How to Prevent XSS with Content Security Policy канала Hussein Nasser
0:00 Intro
2:40 XSS Stored Attacks
The injected script is stored permanently on the target servers. The victim then retrieves this malicious script from the server when the browser sends a request for data.
4:50 Reflected XSS Attacks
When a user is tricked into clicking a malicious link, submitting a specially crafted form, or browsing to a malicious site, the injected code travels to the vulnerable website. The Web server reflects the injected script back to the user's browser, such as in an error message, search result, or any other response that includes data sent to the server as part of the request. The browser executes the code because it assumes the response is from a "trusted" server which the user has already interacted with.
8:00 Source Code Explained
9:50 Prevent XSS Attacks with CSP
16:00 Prevent all scripts with CSP
Source Code
https://github.com/hnasr/javascript_playground/tree/master/xss
🏭 Backend Engineering Videos
https://www.youtube.com/playlist?list=PLQnljOFTspQUNnO4p00ua_C5mKTfldiYT
💾 Database Engineering Videos
https://www.youtube.com/playlist?list=PLQnljOFTspQXjD0HOzN7P2tgzu7scWpl2
🛰 Network Engineering Videos
https://www.youtube.com/playlist?list=PLQnljOFTspQUBSgBXilKhRMJ1ACqr7pTr
🏰 Load Balancing and Proxies Videos
https://www.youtube.com/playlist?list=PLQnljOFTspQVMeBmWI2AhxULWEeo7AaMC
🐘 Postgres Videos
https://www.youtube.com/playlist?list=PLQnljOFTspQWGrOqslniFlRcwxyY94cjj
🚢Docker
https://www.youtube.com/playlist?list=PLQnljOFTspQWsD-rakNw1C20c1JI8UR1r
🧮 Programming Pattern Videos
https://www.youtube.com/playlist?list=PLQnljOFTspQV1emqxKbcP5esAf4zpqWpe
🛡 Web Security Videos
https://www.youtube.com/playlist?list=PLQnljOFTspQU3YDMRSMvzflh_qXoz9zfv
🦠 HTTP Videos
https://www.youtube.com/playlist?list=PLQnljOFTspQU6zO0drAYHFtkkyfNJw1IO
🐍 Python Videos
https://www.youtube.com/playlist?list=PLQnljOFTspQU_M83ARz8mDdr4LThzkBKX
🔆 Javascript Videos
https://www.youtube.com/playlist?list=PLQnljOFTspQWab0g3W6ZaDM6_Buh20EWM
👾Discord Server https://discord.gg/CsFbFce
Become a Member
https://www.youtube.com/channel/UC_ML5xP23TOWKUcc-oAE_Eg/join
Support me on PayPal
https://bit.ly/33ENps4
Become a Patreon
https://www.patreon.com/join/hnasr?
Stay Awesome,
Hussein
Видео Cross-Site Scripting Explained with Examples and How to Prevent XSS with Content Security Policy канала Hussein Nasser
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
RFC 9000 - QUIC #minuteengineering #quic
The Huge Flaw HTTP 1.0 Had...
When to Switch a Backend Programming Language?
High severity flaw can crash your WebServer when using OpenSSL - Let us discuss
The Cloudflare mTLS vulnerability - A Deep Dive Analysis
Your Backend Might not Be Ready for HTTP/2 - Watch This Before Implementing it
cURL TLS 1.3 session ticket proxy host mixup Vulnerability
Learn Programming with VB.NET - 10 - How did I learn programming
Publish/Subscribe Backend Systems Explained In 60 Seconds #shorts_hussein
Show Your Work. Blog, Vlog, Write, Create and Develop!
Critical Bug in Jenkins - This is why Building a Web Server is Hard
Denial of Service through DNS request Discovered in Node JS (CVE-2020-8277)
YugabyteDB supports read committed isolation
The Auth0 Outage 4/20/2021 (Early report)
New course alert - Unlocking Backend Performance
Digicert revokes 50,000 EV Certificates
Javascript By Example L1E09 - Code simplification and debugging
Why 0177.0.0.1 is also localhost
Why Browsers have 6 active TCP Connections for each website?
Chrome follows FireFox steps - Rolling back SameSite cookie change
Chrome Dedicated ROOT Certificate Store is Coming Soon, What Does That Mean To You? let us discuss