SlideShare a Scribd company logo

Xss is more than a simple threat

Download as PPT, PDF
Avădănei Andrei
Avădănei Andrei

XSS is more than you can imagine. You should take a look.

Education
1 of 41
XSS is more than a simple threat ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Introduction to XSS ,[object Object],[object Object],[object Object]
Short story ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
XSS Types ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Shouts #1 – XSS Amazon
Shouts #2 XSS Facebook
Shouts #3 XSS Google
Shouts #4 XSS Ebay
Shouts #5 More XSS 'ed ,[object Object]
Getting XSS 'ed ,[object Object],[object Object],[object Object],[object Object],[object Object]
Where? everywhere ,[object Object],[object Object],[object Object],[object Object]
Basic XSS 'ing ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Advanced XSS 'ing ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
HTML 5 XSS 'ed ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Bypass XSS protection ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
XSS Injection Exploitation (part 1) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Redirection & Clickjacking ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
URL Spoofing ,[object Object],[object Object],[object Object],[object Object]
Session Hijacking ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Cookie stuffing ,[object Object],[object Object],[object Object],[object Object],[object Object]
Ad Hijacking ,[object Object],[object Object],[object Object],[object Object]
CSRF/XSRF attacks ,[object Object],[object Object],[object Object],[object Object]
History Stealling ,[object Object],[object Object],[object Object],[object Object]
XSS Defacement ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Key & Mouse Logging ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Tired? ,[object Object]
XSS Injection Exploitation (part 2) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Browser Hijacking ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Distributed port scanning ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
DDoS ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
XSS Tunneling ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Distributed Password Cracking ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Worms (spreading) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Arbitrary file execution ,[object Object],[object Object],[object Object],[object Object]
Intranet Hacking (part 1) ,[object Object]
Intranet Hacking (part 2) ,[object Object],[object Object],[object Object],[object Object],[object Object]
Intranet Hacking (part 3) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Preventing XSS attacks ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
XSS it's still a simple threat? ,[object Object]
Question? ,[object Object]
Bibliography ,[object Object]

Recommended

XSS - Do you know EVERYTHING?
XSS - Do you know EVERYTHING?XSS - Do you know EVERYTHING?
XSS - Do you know EVERYTHING?Yurii Bilyk
 
X-XSS-Nightmare: 1; mode=attack XSS Attacks Exploiting XSS Filter
X-XSS-Nightmare: 1; mode=attack XSS Attacks Exploiting XSS FilterX-XSS-Nightmare: 1; mode=attack XSS Attacks Exploiting XSS Filter
X-XSS-Nightmare: 1; mode=attack XSS Attacks Exploiting XSS FilterMasato Kinugawa
 
XXE Exposed: SQLi, XSS, XXE and XEE against Web Services
XXE Exposed: SQLi, XSS, XXE and XEE against Web ServicesXXE Exposed: SQLi, XSS, XXE and XEE against Web Services
XXE Exposed: SQLi, XSS, XXE and XEE against Web ServicesAbraham Aranguren
 
Cross Site Scripting (XSS)
Cross Site Scripting (XSS)Cross Site Scripting (XSS)
Cross Site Scripting (XSS)OWASP Khartoum
 
New Methods in Automated XSS Detection & Dynamic Exploit Creation
New Methods in Automated XSS Detection & Dynamic Exploit CreationNew Methods in Automated XSS Detection & Dynamic Exploit Creation
New Methods in Automated XSS Detection & Dynamic Exploit CreationKen Belva
 
Introduction to Cross Site Scripting ( XSS )
Introduction to Cross Site Scripting ( XSS )Introduction to Cross Site Scripting ( XSS )
Introduction to Cross Site Scripting ( XSS )Irfad Imtiaz
 
XSS Attacks Exploiting XSS Filter by Masato Kinugawa - CODE BLUE 2015
XSS Attacks Exploiting XSS Filter by Masato Kinugawa - CODE BLUE 2015XSS Attacks Exploiting XSS Filter by Masato Kinugawa - CODE BLUE 2015
XSS Attacks Exploiting XSS Filter by Masato Kinugawa - CODE BLUE 2015CODE BLUE
 
Xss talk, attack and defense
Xss talk, attack and defenseXss talk, attack and defense
Xss talk, attack and defensePrakashchand Suthar
 

Recommended

XSS - Do you know EVERYTHING?
XSS - Do you know EVERYTHING?XSS - Do you know EVERYTHING?
XSS - Do you know EVERYTHING?Yurii Bilyk
 
X-XSS-Nightmare: 1; mode=attack XSS Attacks Exploiting XSS Filter
X-XSS-Nightmare: 1; mode=attack XSS Attacks Exploiting XSS FilterX-XSS-Nightmare: 1; mode=attack XSS Attacks Exploiting XSS Filter
X-XSS-Nightmare: 1; mode=attack XSS Attacks Exploiting XSS FilterMasato Kinugawa
 
XXE Exposed: SQLi, XSS, XXE and XEE against Web Services
XXE Exposed: SQLi, XSS, XXE and XEE against Web ServicesXXE Exposed: SQLi, XSS, XXE and XEE against Web Services
XXE Exposed: SQLi, XSS, XXE and XEE against Web ServicesAbraham Aranguren
 
Cross Site Scripting (XSS)
Cross Site Scripting (XSS)Cross Site Scripting (XSS)
Cross Site Scripting (XSS)OWASP Khartoum
 
New Methods in Automated XSS Detection & Dynamic Exploit Creation
New Methods in Automated XSS Detection & Dynamic Exploit CreationNew Methods in Automated XSS Detection & Dynamic Exploit Creation
New Methods in Automated XSS Detection & Dynamic Exploit CreationKen Belva
 
Introduction to Cross Site Scripting ( XSS )
Introduction to Cross Site Scripting ( XSS )Introduction to Cross Site Scripting ( XSS )
Introduction to Cross Site Scripting ( XSS )Irfad Imtiaz
 
XSS Attacks Exploiting XSS Filter by Masato Kinugawa - CODE BLUE 2015
XSS Attacks Exploiting XSS Filter by Masato Kinugawa - CODE BLUE 2015XSS Attacks Exploiting XSS Filter by Masato Kinugawa - CODE BLUE 2015
XSS Attacks Exploiting XSS Filter by Masato Kinugawa - CODE BLUE 2015CODE BLUE
 
Xss talk, attack and defense
Xss talk, attack and defenseXss talk, attack and defense
Xss talk, attack and defensePrakashchand Suthar
 
VSA: The Virtual Scripted Attacker, Brucon 2012
VSA: The Virtual Scripted Attacker, Brucon 2012VSA: The Virtual Scripted Attacker, Brucon 2012
VSA: The Virtual Scripted Attacker, Brucon 2012Abraham Aranguren
 
Dom based xss
Dom based xssDom based xss
Dom based xssLê Giáp
 
Cross Site Scripting - Mozilla Security Learning Center
Cross Site Scripting - Mozilla Security Learning CenterCross Site Scripting - Mozilla Security Learning Center
Cross Site Scripting - Mozilla Security Learning CenterMichael Coates
 
DEfcon15 XXE XXS
DEfcon15 XXE XXSDEfcon15 XXE XXS
DEfcon15 XXE XXSpentest pentest
 
Cross Site Scripting Going Beyond the Alert Box
Cross Site Scripting Going Beyond the Alert BoxCross Site Scripting Going Beyond the Alert Box
Cross Site Scripting Going Beyond the Alert BoxAaron Weaver
 
The Cross Site Scripting Guide
The Cross Site Scripting GuideThe Cross Site Scripting Guide
The Cross Site Scripting GuideDaisuke_Dan
 
04. xss and encoding
04. xss and encoding04. xss and encoding
04. xss and encodingEoin Keary
 
Owasp Top 10 A3: Cross Site Scripting (XSS)
Owasp Top 10 A3: Cross Site Scripting (XSS)Owasp Top 10 A3: Cross Site Scripting (XSS)
Owasp Top 10 A3: Cross Site Scripting (XSS)Michael Hendrickx
 
Cross Site Scripting Defense Presentation
Cross Site Scripting Defense Presentation Cross Site Scripting Defense Presentation
Cross Site Scripting Defense Presentation Ikhade Maro Igbape
 
Web Security Horror Stories
Web Security Horror StoriesWeb Security Horror Stories
Web Security Horror StoriesSimon Willison
 
Java script, security and you - Tri-Cities Javascript Developers Group
Java script, security and you - Tri-Cities Javascript Developers GroupJava script, security and you - Tri-Cities Javascript Developers Group
Java script, security and you - Tri-Cities Javascript Developers GroupAdam Caudill
 
Understanding dom based xss
Understanding dom based xssUnderstanding dom based xss
Understanding dom based xssPotato
 
Cross-Site Scripting (XSS)
Cross-Site Scripting (XSS)Cross-Site Scripting (XSS)
Cross-Site Scripting (XSS)Daniel Tumser
 
XSS
XSSXSS
XSSHrishikesh Mishra
 
JavaScript Security
JavaScript SecurityJavaScript Security
JavaScript SecurityJason Harwig
 
Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Amit Tyagi
 
Django Web Application Security
Django Web Application SecurityDjango Web Application Security
Django Web Application Securitylevigross
 
XSS-Alert-Pentration testing tool
XSS-Alert-Pentration testing toolXSS-Alert-Pentration testing tool
XSS-Alert-Pentration testing toolArjun Jain
 
Clickjacking DevCon2011
Clickjacking DevCon2011Clickjacking DevCon2011
Clickjacking DevCon2011Krishna T
 
Javascript Security
Javascript SecurityJavascript Security
Javascript Securityjgrahamc
 
Cross site scripting attacks and defenses
Cross site scripting attacks and defensesCross site scripting attacks and defenses
Cross site scripting attacks and defensesMohammed A. Imran
 
Cross site scripting
Cross site scriptingCross site scripting
Cross site scriptingkinish kumar
 

More Related Content

What's hot

VSA: The Virtual Scripted Attacker, Brucon 2012
VSA: The Virtual Scripted Attacker, Brucon 2012VSA: The Virtual Scripted Attacker, Brucon 2012
VSA: The Virtual Scripted Attacker, Brucon 2012Abraham Aranguren
 
Dom based xss
Dom based xssDom based xss
Dom based xssLê Giáp
 
Cross Site Scripting - Mozilla Security Learning Center
Cross Site Scripting - Mozilla Security Learning CenterCross Site Scripting - Mozilla Security Learning Center
Cross Site Scripting - Mozilla Security Learning CenterMichael Coates
 
Cross Site Scripting Going Beyond the Alert Box
Cross Site Scripting Going Beyond the Alert BoxCross Site Scripting Going Beyond the Alert Box
Cross Site Scripting Going Beyond the Alert BoxAaron Weaver
 
The Cross Site Scripting Guide
The Cross Site Scripting GuideThe Cross Site Scripting Guide
The Cross Site Scripting GuideDaisuke_Dan
 
04. xss and encoding
04. xss and encoding04. xss and encoding
04. xss and encodingEoin Keary
 
Owasp Top 10 A3: Cross Site Scripting (XSS)
Owasp Top 10 A3: Cross Site Scripting (XSS)Owasp Top 10 A3: Cross Site Scripting (XSS)
Owasp Top 10 A3: Cross Site Scripting (XSS)Michael Hendrickx
 
Cross Site Scripting Defense Presentation
Cross Site Scripting Defense Presentation Cross Site Scripting Defense Presentation
Cross Site Scripting Defense Presentation Ikhade Maro Igbape
 
Web Security Horror Stories
Web Security Horror StoriesWeb Security Horror Stories
Web Security Horror StoriesSimon Willison
 
Java script, security and you - Tri-Cities Javascript Developers Group
Java script, security and you - Tri-Cities Javascript Developers GroupJava script, security and you - Tri-Cities Javascript Developers Group
Java script, security and you - Tri-Cities Javascript Developers GroupAdam Caudill
 
Understanding dom based xss
Understanding dom based xssUnderstanding dom based xss
Understanding dom based xssPotato
 
Cross-Site Scripting (XSS)
Cross-Site Scripting (XSS)Cross-Site Scripting (XSS)
Cross-Site Scripting (XSS)Daniel Tumser
 
JavaScript Security
JavaScript SecurityJavaScript Security
JavaScript SecurityJason Harwig
 
Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Amit Tyagi
 
Django Web Application Security
Django Web Application SecurityDjango Web Application Security
Django Web Application Securitylevigross
 
XSS-Alert-Pentration testing tool
XSS-Alert-Pentration testing toolXSS-Alert-Pentration testing tool
XSS-Alert-Pentration testing toolArjun Jain
 
Clickjacking DevCon2011
Clickjacking DevCon2011Clickjacking DevCon2011
Clickjacking DevCon2011Krishna T
 
Javascript Security
Javascript SecurityJavascript Security
Javascript Securityjgrahamc
 

What's hot (20)

VSA: The Virtual Scripted Attacker, Brucon 2012
VSA: The Virtual Scripted Attacker, Brucon 2012VSA: The Virtual Scripted Attacker, Brucon 2012
VSA: The Virtual Scripted Attacker, Brucon 2012
 
Dom based xss
Dom based xssDom based xss
Dom based xss
 
Cross Site Scripting - Mozilla Security Learning Center
Cross Site Scripting - Mozilla Security Learning CenterCross Site Scripting - Mozilla Security Learning Center
Cross Site Scripting - Mozilla Security Learning Center
 
DEfcon15 XXE XXS
DEfcon15 XXE XXSDEfcon15 XXE XXS
DEfcon15 XXE XXS
 
Cross Site Scripting Going Beyond the Alert Box
Cross Site Scripting Going Beyond the Alert BoxCross Site Scripting Going Beyond the Alert Box
Cross Site Scripting Going Beyond the Alert Box
 
The Cross Site Scripting Guide
The Cross Site Scripting GuideThe Cross Site Scripting Guide
The Cross Site Scripting Guide
 
04. xss and encoding
04. xss and encoding04. xss and encoding
04. xss and encoding
 
Owasp Top 10 A3: Cross Site Scripting (XSS)
Owasp Top 10 A3: Cross Site Scripting (XSS)Owasp Top 10 A3: Cross Site Scripting (XSS)
Owasp Top 10 A3: Cross Site Scripting (XSS)
 
Cross Site Scripting Defense Presentation
Cross Site Scripting Defense Presentation Cross Site Scripting Defense Presentation
Cross Site Scripting Defense Presentation
 
Web Security Horror Stories
Web Security Horror StoriesWeb Security Horror Stories
Web Security Horror Stories
 
Java script, security and you - Tri-Cities Javascript Developers Group
Java script, security and you - Tri-Cities Javascript Developers GroupJava script, security and you - Tri-Cities Javascript Developers Group
Java script, security and you - Tri-Cities Javascript Developers Group
 
Understanding dom based xss
Understanding dom based xssUnderstanding dom based xss
Understanding dom based xss
 
Cross-Site Scripting (XSS)
Cross-Site Scripting (XSS)Cross-Site Scripting (XSS)
Cross-Site Scripting (XSS)
 
XSS
XSSXSS
XSS
 
JavaScript Security
JavaScript SecurityJavaScript Security
JavaScript Security
 
Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)
 
Django Web Application Security
Django Web Application SecurityDjango Web Application Security
Django Web Application Security
 
XSS-Alert-Pentration testing tool
XSS-Alert-Pentration testing toolXSS-Alert-Pentration testing tool
XSS-Alert-Pentration testing tool
 
Clickjacking DevCon2011
Clickjacking DevCon2011Clickjacking DevCon2011
Clickjacking DevCon2011
 
Javascript Security
Javascript SecurityJavascript Security
Javascript Security
 

Viewers also liked

Cross site scripting attacks and defenses
Cross site scripting attacks and defensesCross site scripting attacks and defenses
Cross site scripting attacks and defensesMohammed A. Imran
 
Cross site scripting
Cross site scriptingCross site scripting
Cross site scriptingkinish kumar
 
XSS and CSRF with HTML5
XSS and CSRF with HTML5XSS and CSRF with HTML5
XSS and CSRF with HTML5Shreeraj Shah
 
CNIT 126 9: OllyDbg
CNIT 126 9: OllyDbgCNIT 126 9: OllyDbg
CNIT 126 9: OllyDbgSam Bowne
 

Viewers also liked (8)

Cross site scripting attacks and defenses
Cross site scripting attacks and defensesCross site scripting attacks and defenses
Cross site scripting attacks and defenses
 
Cross site scripting
Cross site scriptingCross site scripting
Cross site scripting
 
Building Advanced XSS Vectors
Building Advanced XSS VectorsBuilding Advanced XSS Vectors
Building Advanced XSS Vectors
 
RHadoop
RHadoopRHadoop
RHadoop
 
Facebook data analysis using r
Facebook data analysis using rFacebook data analysis using r
Facebook data analysis using r
 
XSS and CSRF with HTML5
XSS and CSRF with HTML5XSS and CSRF with HTML5
XSS and CSRF with HTML5
 
CNIT 126 9: OllyDbg
CNIT 126 9: OllyDbgCNIT 126 9: OllyDbg
CNIT 126 9: OllyDbg
 
Xss (cross site scripting)
Xss (cross site scripting)Xss (cross site scripting)
Xss (cross site scripting)
 

Similar to Xss is more than a simple threat

Owasp Top 10 - Owasp Pune Chapter - January 2008
Owasp Top 10 - Owasp Pune Chapter - January 2008Owasp Top 10 - Owasp Pune Chapter - January 2008
Owasp Top 10 - Owasp Pune Chapter - January 2008abhijitapatil
 
Roberto Bicchierai - Defending web applications from attacks
Roberto Bicchierai - Defending web applications from attacksRoberto Bicchierai - Defending web applications from attacks
Roberto Bicchierai - Defending web applications from attacksPietro Polsinelli
 
Evolution Of Web Security
Evolution Of Web SecurityEvolution Of Web Security
Evolution Of Web SecurityChris Shiflett
 
Php & Web Security - PHPXperts 2009
Php & Web Security - PHPXperts 2009Php & Web Security - PHPXperts 2009
Php & Web Security - PHPXperts 2009mirahman
 
Intro to Web Application Security
Intro to Web Application SecurityIntro to Web Application Security
Intro to Web Application SecurityRob Ragan
 
Avoiding Cross Site Scripting - Not as easy as you might think
Avoiding Cross Site Scripting - Not as easy as you might thinkAvoiding Cross Site Scripting - Not as easy as you might think
Avoiding Cross Site Scripting - Not as easy as you might thinkErlend Oftedal
 
Web application security for java (XSS,Session Fixation)
Web application security for java (XSS,Session Fixation)Web application security for java (XSS,Session Fixation)
Web application security for java (XSS,Session Fixation)Ritesh Raushan
 
Xss.e xopresentation from eXo SEA
Xss.e xopresentation from eXo SEAXss.e xopresentation from eXo SEA
Xss.e xopresentation from eXo SEAThuy_Dang
 
xss-100908063522-phpapp02.pdf
xss-100908063522-phpapp02.pdfxss-100908063522-phpapp02.pdf
xss-100908063522-phpapp02.pdfyashvirsingh48
 
Browser Horror Stories
Browser Horror StoriesBrowser Horror Stories
Browser Horror StoriesEC-Council
 
Web Attacks - Top threats - 2010
Web Attacks - Top threats - 2010Web Attacks - Top threats - 2010
Web Attacks - Top threats - 2010Shreeraj Shah
 
The top 10 security issues in web applications
The top 10 security issues in web applicationsThe top 10 security issues in web applications
The top 10 security issues in web applicationsDevnology
 
Rich Web App Security - Keeping your application safe
Rich Web App Security - Keeping your application safeRich Web App Security - Keeping your application safe
Rich Web App Security - Keeping your application safeJeremiah Grossman
 
Web application attacks
Web application attacksWeb application attacks
Web application attackshruth
 
Cross Site Scripting Augusta For Matrix Session
Cross Site Scripting Augusta For Matrix SessionCross Site Scripting Augusta For Matrix Session
Cross Site Scripting Augusta For Matrix SessionAbhishek kumar
 
.NET Security Topics
.NET Security Topics.NET Security Topics
.NET Security TopicsShawn Gorrell
 

Similar to Xss is more than a simple threat (20)

Owasp Top 10 - Owasp Pune Chapter - January 2008
Owasp Top 10 - Owasp Pune Chapter - January 2008Owasp Top 10 - Owasp Pune Chapter - January 2008
Owasp Top 10 - Owasp Pune Chapter - January 2008
 
Roberto Bicchierai - Defending web applications from attacks
Roberto Bicchierai - Defending web applications from attacksRoberto Bicchierai - Defending web applications from attacks
Roberto Bicchierai - Defending web applications from attacks
 
Evolution Of Web Security
Evolution Of Web SecurityEvolution Of Web Security
Evolution Of Web Security
 
Php & Web Security - PHPXperts 2009
Php & Web Security - PHPXperts 2009Php & Web Security - PHPXperts 2009
Php & Web Security - PHPXperts 2009
 
Intro to Web Application Security
Intro to Web Application SecurityIntro to Web Application Security
Intro to Web Application Security
 
Avoiding Cross Site Scripting - Not as easy as you might think
Avoiding Cross Site Scripting - Not as easy as you might thinkAvoiding Cross Site Scripting - Not as easy as you might think
Avoiding Cross Site Scripting - Not as easy as you might think
 
Web application security for java (XSS,Session Fixation)
Web application security for java (XSS,Session Fixation)Web application security for java (XSS,Session Fixation)
Web application security for java (XSS,Session Fixation)
 
Starwest 2008
Starwest 2008Starwest 2008
Starwest 2008
 
Xss.e xopresentation from eXo SEA
Xss.e xopresentation from eXo SEAXss.e xopresentation from eXo SEA
Xss.e xopresentation from eXo SEA
 
xss-100908063522-phpapp02.pdf
xss-100908063522-phpapp02.pdfxss-100908063522-phpapp02.pdf
xss-100908063522-phpapp02.pdf
 
4.Xss
4.Xss4.Xss
4.Xss
 
Browser Horror Stories
Browser Horror StoriesBrowser Horror Stories
Browser Horror Stories
 
PHPUG Presentation
PHPUG PresentationPHPUG Presentation
PHPUG Presentation
 
Web Attacks - Top threats - 2010
Web Attacks - Top threats - 2010Web Attacks - Top threats - 2010
Web Attacks - Top threats - 2010
 
The top 10 security issues in web applications
The top 10 security issues in web applicationsThe top 10 security issues in web applications
The top 10 security issues in web applications
 
Rich Web App Security - Keeping your application safe
Rich Web App Security - Keeping your application safeRich Web App Security - Keeping your application safe
Rich Web App Security - Keeping your application safe
 
Web application attacks
Web application attacksWeb application attacks
Web application attacks
 
Cross Site Scripting Augusta For Matrix Session
Cross Site Scripting Augusta For Matrix SessionCross Site Scripting Augusta For Matrix Session
Cross Site Scripting Augusta For Matrix Session
 
Complete xss walkthrough
Complete xss walkthroughComplete xss walkthrough
Complete xss walkthrough
 
.NET Security Topics
.NET Security Topics.NET Security Topics
.NET Security Topics
 

More from Avădănei Andrei

How you can become a hacker with no security experience
How you can become a hacker with no security experienceHow you can become a hacker with no security experience
How you can become a hacker with no security experienceAvădănei Andrei
 
Honeypots - The Art of Building Secure Systems by Making them Vulnerable
Honeypots - The Art of Building Secure Systems by Making them VulnerableHoneypots - The Art of Building Secure Systems by Making them Vulnerable
Honeypots - The Art of Building Secure Systems by Making them VulnerableAvădănei Andrei
 
A journey through an INFOSEC labyrinth
A journey through an INFOSEC labyrinthA journey through an INFOSEC labyrinth
A journey through an INFOSEC labyrinthAvădănei Andrei
 
Virtual Anonimity – What? Why? When? How?
Virtual Anonimity – What? Why? When? How?Virtual Anonimity – What? Why? When? How?
Virtual Anonimity – What? Why? When? How?Avădănei Andrei
 
SYDO - Secure Your Data by Obscurity
SYDO - Secure Your Data by ObscuritySYDO - Secure Your Data by Obscurity
SYDO - Secure Your Data by ObscurityAvădănei Andrei
 
Arta de a susţine o prezentare
Arta de a susţine o prezentareArta de a susţine o prezentare
Arta de a susţine o prezentareAvădănei Andrei
 

More from Avădănei Andrei (11)

How you can become a hacker with no security experience
How you can become a hacker with no security experienceHow you can become a hacker with no security experience
How you can become a hacker with no security experience
 
Honeypots - The Art of Building Secure Systems by Making them Vulnerable
Honeypots - The Art of Building Secure Systems by Making them VulnerableHoneypots - The Art of Building Secure Systems by Making them Vulnerable
Honeypots - The Art of Building Secure Systems by Making them Vulnerable
 
Wordpress Plugins Scanner
Wordpress Plugins ScannerWordpress Plugins Scanner
Wordpress Plugins Scanner
 
DefCamp 2012 @Bucharest
DefCamp 2012 @BucharestDefCamp 2012 @Bucharest
DefCamp 2012 @Bucharest
 
A journey through an INFOSEC labyrinth
A journey through an INFOSEC labyrinthA journey through an INFOSEC labyrinth
A journey through an INFOSEC labyrinth
 
Polish the Wheel
Polish the WheelPolish the Wheel
Polish the Wheel
 
Virtual Anonimity – What? Why? When? How?
Virtual Anonimity – What? Why? When? How?Virtual Anonimity – What? Why? When? How?
Virtual Anonimity – What? Why? When? How?
 
SmartFender
SmartFenderSmartFender
SmartFender
 
SYDO - Secure Your Data by Obscurity
SYDO - Secure Your Data by ObscuritySYDO - Secure Your Data by Obscurity
SYDO - Secure Your Data by Obscurity
 
Arta de a susţine o prezentare
Arta de a susţine o prezentareArta de a susţine o prezentare
Arta de a susţine o prezentare
 
Spaghetti Code vs MVC
Spaghetti Code vs MVCSpaghetti Code vs MVC
Spaghetti Code vs MVC
 

Recently uploaded

ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...JhezDiaz1
 
4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptxmary850239
 
4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptxmary850239
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersSabitha Banu
 
ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4MiaBumagat1
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxHumphrey A Beña
 
ICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdfICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdfVanessa Camilleri
 
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptxAUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptxiammrhaywood
 
Food processing presentation for bsc agriculture hons
Food processing presentation for bsc agriculture honsFood processing presentation for bsc agriculture hons
Food processing presentation for bsc agriculture honsManeerUddin
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Celine George
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...Postal Advocate Inc.
 
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfVirtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfErwinPantujan2
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfTechSoup
 
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxQ4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxlancelewisportillo
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONHumphrey A Beña
 
Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)cama23
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 

Recently uploaded (20)

ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
 
4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx
 
4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for Beginners
 
Raw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptxRaw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptx
 
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptxYOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
 
ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
 
ICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdfICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdf
 
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptxAUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
 
Food processing presentation for bsc agriculture hons
Food processing presentation for bsc agriculture honsFood processing presentation for bsc agriculture hons
Food processing presentation for bsc agriculture hons
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
 
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfVirtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
 
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxQ4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
 
Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 

Xss is more than a simple threat

  • 1.
  • 2.
  • 3.
  • 4.
  • 5. Shouts #1 – XSS Amazon
  • 6. Shouts #2 XSS Facebook
  • 7. Shouts #3 XSS Google
  • 8. Shouts #4 XSS Ebay
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18.
  • 19.
  • 20.
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.
  • 29.
  • 30.
  • 31.
  • 32.
  • 33.
  • 34.
  • 35.
  • 36.
  • 37.
  • 38.
  • 39.
  • 40.
  • 41.