Скачать или смотреть Cross-Site Scripting | Breaking My Own Website to Show You How to Defend Yours

Cross-Site Scripting is a vulnerability which allows attackers to inject scripts into websites to be executed by a victim's browser. Attacks can deface the website, redirect the victim, steal sensitive information, or even change the HTML of the page altogether.

In this cybersecurity video you will learn about three types of XSS: Reflected, stored and DOM-based.

We will then cover strategies to remediate XSS vulnerabilities: Escaping, sanitisation, validation, content security policy and HTTPOnly cookies.

This is to help you understand ways to defend against XSS attacks with practical code and programming examples.


CHAPTERS
00:00 Introduction and Disclaimer
01:09 What is XSS?
02:41 Reflected XSS
05:00 Stored XSS
06:55 DOM-Based XSS
08:14 Escaping (Client-Side)
09:04 Escaping (Server-Side)
09:57 Sanitisation
11:00 Validation
11:58 Content Security Policy
12:55 HTTPOnly Cookies


DISCLAIMER
All content shown in this video is for ethical and educational purposes only. Demonstrations are performed on a website I own and am running locally.

Exploiting or testing systems you don't own without permission is illegal.

The intention of this video is to help developers identify and patch vulnerabilities in their own systems.

The defensive security techniques presented are an introductory overview and are not guaranteed to be a complete security solution.

ALL CHARACTERS PRESENTED ARE FICTIONAL.