Transcript: Cross-site scripting
Slide 1
Cross-site scripting
Firas Mohamed Tahir
Supervised by: Dr. Lo’ay Twalbeh
Slide 2
Introduction
There are many techniques an intruder can use to compromise a web application.
One such technique is called XSS, or cross-site scripting.
With the help of such a vulnerability, an intruder can easily use a social engineering trick to reveal users' access credentials.
It can also invoke an automated script to perform some operations.
Slide 3
Introduction (con…)
Cross-site scripting (CSS for short, but sometimes abbreviated as XSS).
XSS is one of the most common application-level attacks that hackers use to sneak into web applications.
XSS is an attack on the privacy of the clients of a particular web site, which can lead to a total breach of security when customer details are stolen or manipulated.
The common languages used for XSS include JavaScript, VBScript, HTML, C++, ActiveX and Flash.
Slide 4
Introduction (con…)
Many web sites make extensive use of client-side scripts (mostly written in JavaScript).
There are many applications which are designed to permit the input of HTML tags for displaying HTML-formatted data.
These tags can be used by malicious users to attack other users by inserting scripts or malicious applets.
XSS is unlike most attacks, which involve two parties: the attacker and the victim client.
The CSS attack involves three parties: the attacker, a client and the web site.
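The weakness described on this slide, and its fix, as an added example that is not part of the original slides: a page that inserts user-supplied text unchanged, next to a version that encodes it and re-enables only a few bare formatting tags. The function names, the tag allowlist and the sample comment are constructed for illustration.

```javascript
// Added example; all names here are hypothetical, not from the slides.
// Formatting tags the application chooses to permit (no attributes allowed).
const ALLOWED_TAGS = new Set(["b", "i", "em", "strong", "p", "br"]);

// Constructed sample: one harmless formatting tag plus markup that must not run.
const SAMPLE =
  'Great <b>article</b> <script>alert(1)</script> <form action="https://attacker.example/">';

// Encode the five characters that let text be interpreted as markup.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (c) => map[c]);
}

// Weak version: the comment is concatenated into the page unchanged,
// so any tag in it becomes part of the document served to other users.
function renderCommentUnsafe(comment) {
  return '<div class="comment">' + comment + "</div>";
}

// Hardened version: escape everything first, then restore only tags that
// are on the allowlist AND carry no attributes (e.g. "<b>" or "</b>").
function renderCommentSafe(comment) {
  const escaped = escapeHtml(comment);
  const restored = escaped.replace(
    /&lt;(\/?)([a-zA-Z]+)&gt;/g,
    (match, slash, name) => {
      const tag = name.toLowerCase();
      return ALLOWED_TAGS.has(tag) ? `<${slash}${tag}>` : match;
    }
  );
  return `<div class="comment">${restored}</div>`;
}

console.log("unsafe:", renderCommentUnsafe(SAMPLE));
console.log("safe:  ", renderCommentSafe(SAMPLE));
```

In a production application a maintained HTML sanitizer library is preferable to a hand-written allowlist like this one.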
Slide 5
Introduction (con…)
Such attacks are the result of poor input validation; they use a combination of HTML and JavaScript.
An intruder can misguide the client and perform various attacks, from DoS (by opening an enormous number of windows on the client side) to embedding malicious FORM tags at the right place.
A malicious user may be able to trick users into revealing sensitive information by modifying the behavior of an existing form or by embedding scripts.
Scripting tags that take advantage of XSS include <script>,