Security Now 85

From The Official TWiT Wiki
Jump to: navigation, search
Security Now
Episode 85

Security Now 85: Cross Site Scripting Part 1

News & Errata

Cross Site Scripting

22:00 - 25:00
What is XSS ?  - A major way to carry out web based code injection

25:01 - 38:59
JIKTO - A tool for discovering XSS vulnerabilities on websites

39:00 - 45:20
What happens when users of a webserver can provide content to be displayed ?

  • You get trusted content from a server and untrusted content from a user intermixed
  • Textual displayed content and executed scripting content are not separated
  • If you supply content as <script .... > and the webserver does not sanitize properly the input you can cause scripts to be executed
  • Hackers try to find holes in the servers sanitation functions

Production Information

  • Edited by:
  • Notes:
Info.png This area is for use by TWiT staff only. Please do not add or edit any content within this section.