
Lesson 11 - OWASP Top 10 2017 - A7:2017-Cross-Site Scripting (XSS)

AppSec Starter is a basic application security awareness training used for onboarding new developers. This training is not intended to cover advanced or practical topics. Conviso has customized training and practical training platforms.

Training recorded by Nicolas Schmaltz and copyright reserved to Conviso Application Security S/A.

Lesson 11 Contents:

XSS flaws occur whenever an application includes untrusted data in a new web page without proper validation or filtering, or when it updates an existing web page with data submitted by a user via a browser API that can create JavaScript. XSS allows attackers to run scripts in a victim's browser, which can hijack user sessions, deface websites or redirect the user to malicious websites.
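
The first case described above (untrusted data placed into a new page), shown as a vulnerable renderer beside a hardened one. This is an added example, not part of the original lesson material; the function names and the sample input are constructed for illustration.

```javascript
// Added example: output encoding for the HTML body and quoted-attribute contexts.
// All names here (escapeHtml, html, renderUnsafe, renderSafe) are hypothetical.

const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#x27;",
};

// Encode the five characters that can change HTML parsing state.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Tagged template: literal parts are trusted markup written by the developer,
// every interpolated value is treated as untrusted and encoded.
function html(strings, ...values) {
  return strings.reduce(
    (out, part, i) => out + part + (i < values.length ? escapeHtml(values[i]) : ""),
    ""
  );
}

// Vulnerable: untrusted data is concatenated straight into the page.
function renderUnsafe(name) {
  return "<p>Hello, " + name + "</p>";
}

// Hardened: same page, untrusted data is encoded on output in both contexts.
function renderSafe(name) {
  return html`<p title="${name}">Hello, ${name}</p>`;
}

// Constructed sample input, as a browser could submit it.
const sample = '"><script>alert(1)</script>';

console.log(renderUnsafe(sample)); // markup from the input reaches the page
console.log(renderSafe(sample));   // input is rendered as inert text
```

For the second case (updating an existing page through a browser API), the equivalent choice is assigning untrusted data to `textContent` rather than `innerHTML`. The encoding above covers HTML body and quoted attribute values only; data placed inside script blocks, URLs or CSS needs encoding for that context.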