XSS Attacks

Book description

A cross-site scripting attack is a very specific type of attack on a web application. It is used by hackers to mimic real sites and fool people into providing personal data.

XSS Attacks starts by defining the terms and laying out the groundwork. It assumes that the reader is familiar with basic web programming (HTML) and JavaScript. First it discusses the concepts, methodology, and technology that make XSS a valid concern. It then moves into the various types of XSS attacks, how they are implemented, used, and abused. After XSS is thoroughly explored, the next part provides examples of XSS malware and demonstrates real cases where XSS is a dangerous risk that exposes internet users to remote access, sensitive data theft, and monetary losses. Finally, the book closes by examining the ways developers can avoid XSS vulnerabilities in their web applications, and how users can avoid becoming a victim. The audience is web developers, security practitioners, and managers.
  • XSS Vulnerabilities exist in 8 out of 10 Web sites
  • The authors of this book are the undisputed industry leading authorities
  • Contains independent, bleeding-edge research, code listings and exploits that cannot be found anywhere else

Table of contents

  1. Front Cover
  2. XSS Attacks: Cross Site Scripting Exploits and Defense
  3. Copyright Page
  4. Contents (1/2)
  5. Contents (2/2)
  6. Chapter 1. Cross-site Scripting Fundamentals
    1. Introduction
    2. Web Application Security
    3. XML and AJAX Introduction
    4. Summary
    5. Solutions Fast Track
    6. Frequently Asked Questions
  7. Chapter 2. The XSS Discovery Toolkit
    1. Introduction
    2. Burp
    3. Debugging DHTML With Firefox Extensions (1/3)
    4. Debugging DHTML With Firefox Extensions (2/3)
    5. Debugging DHTML With Firefox Extensions (3/3)
    6. Analyzing HTTP Traffic with Firefox Extensions (1/3)
    7. Analyzing HTTP Traffic with Firefox Extensions (2/3)
    8. Analyzing HTTP Traffic with Firefox Extensions (3/3)
    9. GreaseMonkey (1/3)
    10. GreaseMonkey (2/3)
    11. GreaseMonkey (3/3)
    12. Hacking with Bookmarklets
    13. Using Technika
    14. Summary
    15. Solutions Fast Track
    16. Frequently Asked Questions
  8. Chapter 3. XSS Theory
    1. Introduction
    2. Getting XSS'ed
    3. DOM-based XSS In Detail (1/3)
    4. DOM-based XSS In Detail (2/3)
    5. DOM-based XSS In Detail (3/3)
    6. Redirection (1/2)
    7. Redirection (2/2)
    8. CSRF
    9. Flash, QuickTime, PDF, Oh My (1/6)
    10. Flash, QuickTime, PDF, Oh My (2/6)
    11. Flash, QuickTime, PDF, Oh My (3/6)
    12. Flash, QuickTime, PDF, Oh My (4/6)
    13. Flash, QuickTime, PDF, Oh My (5/6)
    14. Flash, QuickTime, PDF, Oh My (6/6)
    15. HTTP Response Injection
    16. Source vs. DHTML Reality (1/2)
    17. Source vs. DHTML Reality (2/2)
    18. Bypassing XSS Length Limitations
    19. XSS Filter Evasion (1/6)
    20. XSS Filter Evasion (2/6)
    21. XSS Filter Evasion (3/6)
    22. XSS Filter Evasion (4/6)
    23. XSS Filter Evasion (5/6)
    24. XSS Filter Evasion (6/6)
    25. Summary
    26. Solutions Fast Track
    27. Frequently Asked Questions
  9. Chapter 4. XSS Attack Methods
    1. Introduction
    2. History Stealing
    3. Intranet Hacking (1/3)
    4. Intranet Hacking (2/3)
    5. Intranet Hacking (3/3)
    6. XSS Defacements
    7. Summary
    8. Solutions Fast Track
    9. Frequently Asked Questions
    10. References
  10. Chapter 5. Advanced XSS Attack Vectors
    1. Introduction
    2. DNS Pinning
    3. IMAP3
    4. MHTML
    5. Hacking JSON (1/2)
    6. Hacking JSON (2/2)
    7. Summary
    8. Frequently Asked Questions
  11. Chapter 6. XSS Exploited
    1. Introduction
    2. XSS vs. Firefox Password Manager
    3. SeXXS Offenders
    4. Equifraked
    5. Owning the Cingular Xpress Mail User (1/4)
    6. Owning the Cingular Xpress Mail User (2/4)
    7. Owning the Cingular Xpress Mail User (3/4)
    8. Owning the Cingular Xpress Mail User (4/4)
    9. Alternate XSS: Outside the BoXXS (1/3)
    10. Alternate XSS: Outside the BoXXS (2/3)
    11. Alternate XSS: Outside the BoXXS (3/3)
    12. XSS Old School - Windows Mobile PIE 4.2
    13. XSSing Firefox Extensions (1/4)
    14. XSSing Firefox Extensions (2/4)
    15. XSSing Firefox Extensions (3/4)
    16. XSSing Firefox Extensions (4/4)
    17. XSS Exploitation: Point-Click-Own with EZPhotoSales
    18. Summary
    19. Solutions Fast Track
    20. Frequently Asked Questions
  12. Chapter 7. Exploit Frameworks
    1. Introduction
    2. AttackAPI
    3. BeEF (1/2)
    4. BeEF (2/2)
    5. CAL9000 (1/2)
    6. CAL9000 (2/2)
    7. Overview of XSS-Proxy (1/7)
    8. Overview of XSS-Proxy (2/7)
    9. Overview of XSS-Proxy (3/7)
    10. Overview of XSS-Proxy (4/7)
    11. Overview of XSS-Proxy (5/7)
    12. Overview of XSS-Proxy (6/7)
    13. Overview of XSS-Proxy (7/7)
    14. Summary
    15. Solutions Fast Track
    16. Frequently Asked Questions
  13. Chapter 8. XSS Worms
    1. Introduction
    2. Exponential XSS
    3. XSS Warhol Worm
    4. Linear XSS Worm (1/2)
    5. Linear XSS Worm (2/2)
    6. Samy Is My Hero
    7. Summary
    8. Solutions Fast Track
    9. Frequently Asked Questions
  14. Chapter 9. Preventing XSS Attacks
    1. Introduction
    2. Filtering
    3. Input Encoding
    4. Output Encoding
    5. Web Browser's Security
    6. Summary
    7. Solutions Fast Track
    8. Frequently Asked Questions
  15. Appendix A The Owned List (1/6)
  16. Appendix A The Owned List (2/6)
  17. Appendix A The Owned List (3/6)
  18. Appendix A The Owned List (4/6)
  19. Appendix A The Owned List (5/6)
  20. Appendix A The Owned List (6/6)
  21. Index (1/6)
  22. Index (2/6)
  23. Index (3/6)
  24. Index (4/6)
  25. Index (5/6)
  26. Index (6/6)

Product information

  • Title: XSS Attacks
  • Author(s): Seth Fogie, Jeremiah Grossman, Robert Hansen, Anton Rager, Petko D. Petkov
  • Release date: April 2011
  • Publisher(s): Syngress
  • ISBN: 9780080553405