Book description
A cross site scripting attack is a very specific type of attack on a web application. It is used by hackers to mimic real sites and fool people into providing personal data.XSS Attacks starts by defining the terms and laying out the ground work. It assumes that the reader is familiar with basic web programming (HTML) and JavaScript. First it discusses the concepts, methodology, and technology that makes XSS a valid concern. It then moves into the various types of XSS attacks, how they are implemented, used, and abused. After XSS is thoroughly explored, the next part provides examples of XSS malware and demonstrates real cases where XSS is a dangerous risk that exposes internet users to remote access, sensitive data theft, and monetary losses. Finally, the book closes by examining the ways developers can avoid XSS vulnerabilities in their web applications, and how users can avoid becoming a victim. The audience is web developers, security practitioners, and managers.
- XSS Vulnerabilities exist in 8 out of 10 Web sites
- The authors of this book are the undisputed industry leading authorities
- Contains independent, bleeding edge research, code listings and exploits that can not be found anywhere else
Table of contents
- Front Cover
- XSS Attacks: Cross Site Scripting Exploits and Defense
- Copyright Page
- Contents (1/2)
- Contents (2/2)
- Chapter 1. Cross-site Scripting Fundamentals
-
Chapter 2. The XSS Discovery Toolkit
- Introduction
- Burp
- Debugging DHTML With Firefox Extensions (1/3)
- Debugging DHTML With Firefox Extensions (2/3)
- Debugging DHTML With Firefox Extensions (3/3)
- Analyzing HTTP Traffic with Firefox Extensions (1/3)
- Analyzing HTTP Traffic with Firefox Extensions (2/3)
- Analyzing HTTP Traffic with Firefox Extensions (3/3)
- GreaseMonkey (1/3)
- GreaseMonkey (2/3)
- GreaseMonkey (3/3)
- Hacking with Bookmarklets
- Using Technika
- Summary
- Solutions Fast Track
- Frequently Asked Questions
-
Chapter 3. XSS Theory
- Introduction
- Getting XSS'ed
- DOM-based XSS In Detail (1/3)
- DOM-based XSS In Detail (2/3)
- DOM-based XSS In Detail (3/3)
- Redirection (1/2)
- Redirection (2/2)
- CSRF
- Flash, QuickTime, PDE Oh My (1/6)
- Flash, QuickTime, PDE Oh My (2/6)
- Flash, QuickTime, PDE Oh My (3/6)
- Flash, QuickTime, PDE Oh My (4/6)
- Flash, QuickTime, PDE Oh My (5/6)
- Flash, QuickTime, PDE Oh My (6/6)
- HTTP Response Injection
- Source vs. DHTML Reality (1/2)
- Source vs. DHTML Reality (2/2)
- Bypassing XSS Length Limitations
- XSS Filter Evasion (1/6)
- XSS Filter Evasion (2/6)
- XSS Filter Evasion (3/6)
- XSS Filter Evasion (4/6)
- XSS Filter Evasion (5/6)
- XSS Filter Evasion (6/6)
- Summary
- Solutions Fast Track
- Frequently Asked Questions
- Chapter 4. XSS Attack Methods
- Chapter 5. Advanced XSS Attack Vectors
-
Chapter 6. XSS Exploited
- Introduction
- XSS vs. Firefox Password Manager
- SeXXS Offenders
- Equifraked
- Owning the Cingular Xpress Mail User (1/4)
- Owning the Cingular Xpress Mail User (2/4)
- Owning the Cingular Xpress Mail User (3/4)
- Owning the Cingular Xpress Mail User (4/4)
- Alternate XSS: Outside the BoXXS (1/3)
- Alternate XSS: Outside the BoXXS (2/3)
- Alternate XSS: Outside the BoXXS (3/3)
- XSS Old School- Windows Mobile PIE 4.2
- XSSing Firefox Extensions (1/4)
- XSSing Firefox Extensions (2/4)
- XSSing Firefox Extensions (3/4)
- XSSing Firefox Extensions (4/4)
- XSS Exploitation: Point-Click-Own with EZPhotoSales
- Summary
- Solutions Fast Track
- Frequently Asked Questions
-
Chapter 7. Exploit Frameworks
- Introduction
- AttackAPI
- BeEF (1/2)
- BeEF (2/2)
- CAL9000 (1/2)
- CAL9000 (2/2)
- Overview of XSS-Proxy (1/7)
- Overview of XSS-Proxy (2/7)
- Overview of XSS-Proxy (3/7)
- Overview of XSS-Proxy (4/7)
- Overview of XSS-Proxy (5/7)
- Overview of XSS-Proxy (6/7)
- Overview of XSS-Proxy (7/7)
- Summary
- Solutions Fast Track
- Frequently Asked Questions
- Chapter 8. XSS Worms
- Chapter 9. Preventing XSS Attacks
- Appendix A The Owned List (1/6)
- Appendix A The Owned List (2/6)
- Appendix A The Owned List (3/6)
- Appendix A The Owned List (4/6)
- Appendix A The Owned List (5/6)
- Appendix A The Owned List (6/6)
- Index (1/6)
- Index (2/6)
- Index (3/6)
- Index (4/6)
- Index (5/6)
- Index (6/6)
Product information
- Title: XSS Attacks
- Author(s):
- Release date: April 2011
- Publisher(s): Syngress
- ISBN: 9780080553405
You might also like
book
Web Application Security
While many resources for network and IT security are available, detailed knowledge regarding modern web application …
book
Hands-On Security in DevOps
Protect your organization's security at all levels by introducing the latest strategies for securing DevOps Key …
book
HTTP: The Definitive Guide
Behind every web transaction lies the Hypertext Transfer Protocol (HTTP) --- the language of web browsers …
book
Web Application Security, A Beginner's Guide
Security Smarts for the Self-Guided IT Professional “Get to know the hackers—or plan on getting hacked. …