Course 2 Section 4: Understanding Cross-site Scripting Vulnerabilities

Course 2: Programming Issues, Section 4 ,[object Object],[object Object],[object Object],[object Object],[object Object]

Course 2 Learning Plan ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Learning objectives ,[object Object],[object Object],[object Object]

Cross-Site Scripting: Outline ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Client-side Scripting ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Cross-Site Scripting Vulnerabilities ,[object Object],[object Object],[object Object],[object Object]

XSS Concept ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Why the Name ,[object Object],[object Object],[object Object],Z Mallory Poison Poison M Hostile Code Executes Surfing

XSS Risks ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

XSS Risks -- Stolen Account Credentials ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Cookie Mechanism and Vulnerabilities ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

XSS -- Point ,[object Object],[object Object],[object Object]

XSS Risk -- Privacy and Misinformation ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

XSS Page Modification Example ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

XSS Risk -- Denial of Service ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

XSS Risk -- Silent Install ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

XSS Risk -- Phishing ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Security Zones Model ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Accountability ,[object Object],[object Object],[object Object]

History of Malicious Scripts ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Other Malicious Scripts ,[object Object],[object Object],[object Object],[object Object],[object Object]

VBscripts that change Registry Keys ,[object Object],[object Object],[object Object],[object Object],[object Object]

XSS Vulnerability: Reflection ,[object Object],[object Object],[object Object],[object Object],[object Object]

Results ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

XSS Vulnerability: Stored ,[object Object],[object Object],[object Object],[object Object],[object Object]

JavaScript urls ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Indirect Ways to Inject Code ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Spreading the Fame ,[object Object],[object Object],[object Object]

Lab ,[object Object],[object Object]

Lab Step 1 ,[object Object],[object Object],[object Object],[object Object]

Lab Step 2 ,[object Object],[object Object],[object Object],[object Object],[object Object]

Comments on Step 2 ,[object Object],[object Object],[object Object]

Lab Step 3: The <script> Tag ,[object Object],[object Object],[object Object],[object Object]

Comments ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Where Else? ,[object Object],[object Object],[object Object],[object Object]

Example: PHPNuke 6.0 ,[object Object],[object Object],[object Object],[object Object],[object Object]

PHPNuke XSS ,[object Object],[object Object],[object Object],[object Object]

PHPNuke XSS #2 ,[object Object],[object Object],[object Object],[object Object],[object Object]

PHPNuke Other XSS ,[object Object],[object Object],[object Object],[object Object],[object Object]

Question ,[object Object],[object Object],[object Object],[object Object]

Discussion ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

So You Disabled Scripting... ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

About These Slides ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Pascal Meunier [email_address] ,[object Object],[object Object]

Course 2 Section 4: Understanding Cross-site Scripting Vulnerabilities

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

En vedette

En vedette (6)

Similaire à Course 2 Section 4: Understanding Cross-site Scripting Vulnerabilities

Similaire à Course 2 Section 4: Understanding Cross-site Scripting Vulnerabilities (20)

Plus de phanleson

Plus de phanleson (20)

Dernier

Dernier (20)

Course 2 Section 4: Understanding Cross-site Scripting Vulnerabilities