thank you everyone Is Canada Hill Master instructor a cyber In this video, we're gonna talk about Web defense,
So that's a quick pre assessment question here. This type of cross site scripting attack is executed directly in the victim's browser and not generally on the server. So what that means is, it's not generally sending anything to the server itself.
Our guest Answer. B. You are correct. So Don based is traditionally not going to send information to the server. However, there's are some instances with the attack that it it can do that. But generally speaking, just understand that it's usually just in the victim's browser itself.
So cross site scripting itself. We're talking about here like Untrusted Data's S O as the client side. There's no there's no verification of the data that's going to the server itself. Eso no validation. User supply data ends all going back to the user or, you know, attacker sending information to the server, and it's not being validated.
We have different times since I mentioned Dom. Already, we've got reflected and stored, which is the more common types of tax and stored being the most dangerous. They're simply because that's actually stored on the server. So every time I go re axis that web application, I'm essentially getting reinfected, and it's gonna affect multiple users. Reflected itself is gonna be on the victims
browser. So as an example, if I use a different machine as a victim, refined, clear, my cookies
usually can just move on with my life. And I'm not gonna be subject to that attack. And then, as I mentioned Don based as well
so reflected, you know, injected with a single http response.
So again, this this is, ah, sample script here. And that's where we're talking about on the client side for that one we've got stored, I mentioned that's on the service side. So if you ever kind of taking a test, I understand those are the kind of the major difference is there?
And then we got Don based, as we already mentioned, that's executed in the actual victims browser itself.
So prevalent it's ah, the second most common thing on the OSS top 10 and it's estimated to effect roughly about 2/3 of applications have some form of vulnerability to cross site scripting. That doesn't mean that just because something is vulnerable to. It doesn't mean that there's not other security measures in place by the organization to mitigate that.
But that just means that kind of as an overarching overall thing. It's roughly 2/3 of,
ah Web applications out there.
How do we check for that? Well, we can use different automated tools. One of the things Dad, you can use this like birth, sweet or old losses app. So there's many, many tools out there you can use as a pen tester hasn't written organization. You probably will see like burps, sweet, pro commonly and used in many places in the industry.
So the impact here, this kid, you know, lead to stealing sessions or credentials could also lead to the attacker sending through some malware on the victim's machine on and then also remote code execution as well.
How do we prevent that when we can separate untrusted data so we can basically sanitize the data? We can use frameworks that automatically escape cross site scripting. Having content security policies is a big thing in place to help, as well as escaping on trusted http requests