Tags » Cross-site Scripting

Security Countermeasure - Input validation

Input validation is the correct testing of any input that is supplied by something else. All applications require some type of input. This input can come from a user or from another machine/application.

Security

Web Application Penetration Testing for Beginners Part 6 – CSRF Attack

In the last article, we studied the stored XSS attack. In this article we will see the CSRF attack. If we search for what CSRF is, it will provide info as:

Web App Security

Web Application Penetration Testing for Beginners Part 5 – Stored XSS

In the last article, we saw how we can perform XSS even when <script> tags are not allowed. Let’s see type two of XSS – Stored XSS.

Web App Security

Web Application Penetration Testing for Beginners Part 4 – Reflected XSS when tags not allowed

In the last article, we studied XSS when there was no security at all. All HTML characters were allowed. Let’s set the DVWA security to ‘Medium’.

Web App Security

Web Application Penetration Testing for Beginners Part 3 – Reflected XSS

In the last article, we saw how to perform a brute force attack on a web application. In this article we will see one of the popular attacks, i.e.

Web App Security

Security threat - Broken authentication & session management

Application functions related to authentication and session management are often not implemented correctly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users’ identities.

Security

Security Threat - Cross-site scripting (XSS)

Cross-site scripting (XSS) is when an application sends untrusted data to the web browser that can be interpreted as a piece of code. This way, attackers can execute scripts in the victim’s browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites.

Security