From the course: Security in ASP.NET Core
Cross-site scripting (XSS): The attack - ASP.NET Tutorial
Cross-site scripting (XSS): The attack
- [Instructor] One of the most common and most dangerous attacks against web applications these days is cross-site scripting. The term cross-site scripting is a little bit unfortunate because it's rather confusing. What does cross-site mean? If I remember correctly, it was coined by Microsoft engineers in the late 1990s. And what they actually meant was JavaScript injection. And there are other attack vectors as well. So how about JavaScript and HTML injection? Doesn't sound as catchy as cross-site scripting. So we are stuck with XSS. There are different versions of cross-site scripting. Different approaches how an attacker can manage to inject JavaScript code into a web application. I'll show you the most common one. We have a client and we have a server. Usually the client is the victim. So it's a user that, maybe triggered by an attacker, is sending an HTTP request to the server, and that HTTP request happens to contain JavaScript code. The actual error, however, is of course not…
Contents
- OWASP Top Ten (2m 45s)
- Cross-site scripting (XSS): The attack (4m 33s)
- Cross-site scripting (XSS): The defense (3m 25s)
- Cross-site scripting (XSS) in JavaScript (4m 40s)
- Cross-site scripting (XSS) in single-page applications (3m 30s)
- Same-origin policy and CORS (4m 26s)
- Enabling CORS in ASP.NET Core web API (6m 23s)
- SQL injection with ADO.NET (2m 25s)
- SQL injection with Entity Framework Core (2m 34s)
- Fixing SQL injection (5m 23s)
- Cross-Site Request Forgery (CSRF): The attack (5m 25s)
- Cross-Site Request Forgery (CSRF): The defense (7m 11s)