Cross Site Scripting 2.3 Flashcards
1
Q
Cross-Site Scripting (XSS)
A
- One of the most common web app vulnerabilities.
- Takes advantage of the user’s trust in a web site.
- Attackers can include a script in their input and have it rendered as part of the web process.
2
Q
Non-Persistent XSS Attack
A
- A 3rd-party site is configured to enable someone to run a script.
- The injected script is not persisted or stored but rather is immediately executed.
- Passed back via the web server.
3
Q
Persistent Stored XSS Attack
A
- Script is permanently stored on the web server or some back-end storage.
- Allows the script to be used against others who log in to the system.
4
Q
Protection Against XSS Attack
A
- Be careful when clicking untrusted links.
- Consider disabling JavaScript.
- Keep your browser and applications updated.