Cross-Site Scripting Explained with Examples and How to Prevent XSS with Content Security Policy
In this video, I discuss XSS (Cross-Site Scripting) attacks and how to prevent them.
0:00 Intro
2:40 XSS Stored Attacks
The injected script is stored persistently on the target server (for example in a database record that is later rendered into a page). Every victim whose browser later requests that data receives the malicious script from the server and executes it.
4:50 Reflected XSS Attacks
When a user is tricked into clicking a malicious link, submitting a specially crafted form, or browsing to a malicious site, the injected code travels to the vulnerable website. The web server reflects the injected script back to the user's browser, for example in an error message, a search result, or any other response that includes data sent to the server as part of the request. The browser executes the code because it assumes the response comes from a "trusted" server with which the user has already interacted.
8:00 Source Code Explained
9:50 Prevent XSS Attacks with CSP
16:00 Prevent all scripts with CSP
Source Code
https://github.com/hnasr/javascript_playground/tree/master/xss
🏭 Backend Engineering Videos
https://www.youtube.com/playlist?list=PLQnljOFTspQUNnO4p00ua_C5mKTfldiYT
💾 Database Engineering Videos
https://www.youtube.com/playlist?list=PLQnljOFTspQXjD0HOzN7P2tgzu7scWpl2
🛰 Network Engineering Videos
https://www.youtube.com/playlist?list=PLQnljOFTspQUBSgBXilKhRMJ1ACqr7pTr
🏰 Load Balancing and Proxies Videos
https://www.youtube.com/playlist?list=PLQnljOFTspQVMeBmWI2AhxULWEeo7AaMC
🐘 Postgres Videos
https://www.youtube.com/playlist?list=PLQnljOFTspQWGrOqslniFlRcwxyY94cjj
🚢 Docker Videos
https://www.youtube.com/playlist?list=PLQnljOFTspQWsD-rakNw1C20c1JI8UR1r
🧮 Programming Pattern Videos
https://www.youtube.com/playlist?list=PLQnljOFTspQV1emqxKbcP5esAf4zpqWpe
🛡 Web Security Videos
https://www.youtube.com/playlist?list=PLQnljOFTspQU3YDMRSMvzflh_qXoz9zfv
🦠 HTTP Videos
https://www.youtube.com/playlist?list=PLQnljOFTspQU6zO0drAYHFtkkyfNJw1IO
🐍 Python Videos
https://www.youtube.com/playlist?list=PLQnljOFTspQU_M83ARz8mDdr4LThzkBKX
🔆 Javascript Videos
https://www.youtube.com/playlist?list=PLQnljOFTspQWab0g3W6ZaDM6_Buh20EWM
👾 Discord Server
https://discord.gg/CsFbFce
Become a Member
https://www.youtube.com/channel/UC_ML5xP23TOWKUcc-oAE_Eg/join
Support me on PayPal
https://bit.ly/33ENps4
Become a Patreon
https://www.patreon.com/join/hnasr?
Stay Awesome,
Hussein
Video "Cross-Site Scripting Explained with Examples and How to Prevent XSS with Content Security Policy" from the channel Hussein Nasser