Introduction to Cross-Site Scripting

,

Posted on

By

Raxis Administrator

This video covers the basics of cross-site scripting, including reflected, stored, and DOM-based XSS as well as remediation to protect against these attacks.

Introduction to Cross-Site Scripting

Cross-site scripting (XSS) has been a popular finding for me in 2021, discovering five XSS vulnerabilities that have been assigned CVEs. Additionally, it’s been present on recent application testing as well, so I thought it would be beneficial to cover XSS in more depth.

This video is the first in a series of blog posts that will describe various cross-site scripting attacks, remediations, and specific areas to look out for that I have seen overlooked in the sanitization of user-supplied data. This video covers the basics of cross-site scripting, including reflected, stored, and DOM-based XSS. Additionally, I’ll discuss remediation to protect against these attacks. Future videos will cover filter evasion and side-loading payloads, as well as cookie theft and advanced payloads.

I hope this video and the ones that follow give you a better idea about how cross-site scripting works, why it’s dangerous, and how to prevent it from happening to your company.

Want to learn more? Take a look at the second part in our Cross-Site Scripting Series.

Raxis Attack

Continuous, expert-led PTaaS combined with advanced automation to uncover and address hidden vulnerabilities, ensuring your business stays ahead of evolving cyber threats while maintaining regulatory compliance.

Learn More

Raxis Protect

Continuous vulnerability scanning, real-time asset management, and expert guidance to proactively identify and address security gaps across your entire digital ecosystem, ensuring 24/7 protection against evolving cyber threats.

Learn More

Raxis Strike

Tailored, expert-led penetration testing that uncovers hidden vulnerabilities using real-world hacker techniques, providing actionable insights to strengthen your defenses and protect against sophisticated cyber threats.

Learn More

Partner With Raxis

Partnering with Raxis empowers your business with elite penetration testing services, competitive reseller pricing, and recurring revenue opportunities, all backed by a proven track record of excellence and a commitment to staying ahead of evolving cybersecurity threats.

Learn More

Written by

Raxis Administrator

in

,

More From Raxis

  • Cybersecurity: It’s how to say “Yes.”
    By Mark Puckett • December 31, 2024
    Read More
  • Accepting Penetration Test Risks & How Compensating Controls Can Help

    Accepting Penetration Test Risks & How Compensating Controls Can Help
    By Tim Semchenko • December 17, 2024
    Read More
  • Cool Tools Series: Masscan

    Cool Tools Series: Masscan
    By Andrew Trexler • December 3, 2024
    Read More
  • Meet the Team: Jason Taylor

    Meet the Team: Jason Taylor, Lead Penetration Tester
    By Jason Taylor • November 19, 2024
    Read More
  • Password Series: Defeating Emerging Password Security Trends with Psudohash

    Password Series: Defeating Emerging Password Security Trends with Psudohash
    By Ryan Chaplin • November 5, 2024
    Read More
  • Why Raxis Attack is a Huge Win for Organizations

    Why Raxis Attack is a Huge Win for Organizations
    By Caroline Kelly • October 22, 2024
    Read More