Cross Site Scripting (XSS)
Download as PPTX, PDF2 likes3,795 views
This document discusses cross-site scripting (XSS) attacks. XSS is one of the most common web attacks, operating in the user's browser. It can cause issues like account hijacking or installing malware. There are three main types of XSS attacks. The attacks work by injecting malicious scripts into web pages that are then executed when a user visits the page. Proper input validation and output encoding are recommended to prevent XSS attacks. Developers should filter and encode all untrusted user input to avoid having malicious scripts injected into their applications.
1 of 16
Downloaded 234 times
![How it works
<?php
$txt=$_GET[„hack_me‟];
echo $txt; // echo “<script>alert("Hacked");</script>”
?>](https://image.slidesharecdn.com/crosssitescriptingxss-130102142220-phpapp02/85/Cross-Site-Scripting-XSS-9-320.jpg)
![XSS Countermeasures
• HTML Escape Before Inserting Untrusted Data
into HTML Element Content:
• ESAPI Encoder Example:
String safe = ESAPI.encoder().encodeForHTML(
request.getParameter( "input" ) );
• AntiXSS Equivalent:
string safe =
Microsoft.Security.Application.AntiXss.HtmlEncode(
Request.QueryString[ "input" ] );](https://image.slidesharecdn.com/crosssitescriptingxss-130102142220-phpapp02/85/Cross-Site-Scripting-XSS-13-320.jpg)
Ad
Recommended
Xss talk, attack and defense
Xss talk, attack and defensePrakashchand Suthar XSS? Sure, we all have heard about - XSS, stands for Cross Site Scripting, but XSS sounds lot more cool, huh?
Have your account or website been hacked? Or you sure might have heard about such a compromised account or site from someone? Have you been ever tricked by a website? Have you ever noticed your everyday trusted site behaving abnormally, throwing weird content at you?
Nowadays, these are very common incidents.
Recently:
Pentagon XSS Hack
Facebook XSS Hack
How hackers do it all? Why the hell do they do it? Would you like to check it out live, do some hands-on? And focus on how to secure against this nasty vulnerability.
Come join us to see - HOW IT HAPPENS and MAKE IT HAPPEN YOURSELF.
Introduction to Cross Site Scripting ( XSS )
Introduction to Cross Site Scripting ( XSS )Irfad Imtiaz Contents :
- Introduction
- Description as A Widely Used Hacking Technique
- How it is used in Hacking
- What can be done with XSS
#XSS, #Hacking, #Security, #CookieStealing, #InternetBug, #HTMLInjection
Sincerely,
Irfad Imtiaz
XSS
XSSHrishikesh Mishra About XSS security, their impact on PHP applications. Some examples of xss attacks. Solution for xss attacks.
The Cross Site Scripting Guide
The Cross Site Scripting GuideDaisuke_Dan The document discusses cross-site scripting (XSS) attacks, how they work, and how to prevent them. XSS attacks involve injecting malicious HTML/JavaScript code into a website that is then executed by a user's browser and can be used to steal user data. The document covers different types of XSS attacks like stored and reflected XSS and how to prevent XSS vulnerabilities through sanitizing user input and only allowing safe HTML attributes.
Cross Site Scripting Defense Presentation 
Cross Site Scripting Defense Presentation Ikhade Maro Igbape Cross site scripting (XSS) is a type of computer security vulnerability typically found in web applications, but in proposing defensive measures for cross site scripting the websites validate the user input and determine if they are vulnerable to cross site scripting. The major considerations are input validation and output sanitization.
There are lots of defense techniques introduced nowadays and even though the coding methods used by developers are evolving to counter attack cross site scripting techniques, still the security threat persist in many web applications for the following reasons:
• The complexity of implementing the codes or methods.
• Non-existence of input data validation and output sanitization in all input fields of the application.
• Lack of knowledge in identifying hidden XSS issues etc.
This proposed project report will briefly discuss what cross site scripting is and highlight the security features and defense techniques that can help against this widely versatile attack.
Cross Site Scripting - Mozilla Security Learning Center
Cross Site Scripting - Mozilla Security Learning CenterMichael Coates This document discusses cross-site scripting (XSS) vulnerabilities. It covers the business risks of XSS, including account compromise and malware installation. It explains how XSS works by giving an example of a reflected XSS attack. It then discusses different XSS attack points and variations. The document outlines mitigation techniques like output encoding and content security policies. It provides examples of how these defenses work to prevent XSS exploits. Finally, it discusses tools like the OWASP XSS prevention cheat sheet and upcoming security training sessions.
Cross-Site Scripting (XSS)
Cross-Site Scripting (XSS)Daniel Tumser Cross-Site Scripting (XSS) is a web security vulnerability that allows attackers to inject client-side scripts into web pages viewed by other users. There are three main types of XSS attacks: reflected XSS, stored XSS, and DOM-based XSS. XSS has been one of the top vulnerabilities on the OWASP Top Ten list for many years. While XSS attacks can compromise user sessions and steal sensitive data, developers can prevent XSS through proper input sanitization and output encoding. As web applications continue to grow in use, jobs in web application security and penetration testing are also expected to increase significantly in the coming years.
Owasp Top 10 A3: Cross Site Scripting (XSS)
Owasp Top 10 A3: Cross Site Scripting (XSS)Michael Hendrickx This document discusses cross-site scripting (XSS) attacks. It defines XSS as an attack where malicious scripts are injected into otherwise trusted websites. The document outlines three types of XSS attacks and provides examples of real-world XSS worms. It explains how to exploit stored, reflected, and DOM-based XSS vulnerabilities. Finally, it recommends ways to prevent XSS, including input and output filtering, encoding output, and using mitigations like HttpOnly cookies and content security policies.
Cross site scripting XSS
Cross site scripting XSSRonan Dunne, CEH, SSCP Cross-site scripting (XSS) is one of the most common web application attacks, where malicious scripts are injected into otherwise benign websites. There are three main types of XSS attacks - stored, reflected, and DOM-based. To prevent XSS, developers should sanitize user input by removing hazardous characters, properly escape untrusted output before displaying it, and enforce a specific character encoding.
Cross Site Scripting Going Beyond the Alert Box
Cross Site Scripting Going Beyond the Alert BoxAaron Weaver The document discusses cross-site scripting (XSS) flaws that occur when untrusted user data is included on a webpage without validation or encoding. XSS allows attackers to execute scripts in a victim's browser by tricking them into visiting a malicious website. The document provides examples of XSS payloads and links to learn more about prevention and filters.
Cross Site Scripting
Cross Site ScriptingAli Mattash Cross-Site Scripting (XSS) is a security vulnerability that allows malicious code to be injected into web pages viewed by other users. There are three main types of XSS attacks: non-persistent reflects the user's input back without filtering; persistent stores the input and displays it later to other users; and DOM-based exploits vulnerabilities in client-side scripts. XSS attacks are used to hijack user accounts, steal cookies, and conduct phishing scams. Developers can prevent XSS by sanitizing all user input, using encoding on untrusted fields, and keeping software updated.
Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Amit Tyagi Cross Site Scripting (XSS) is a vulnerability that allows malicious users to insert client-side code into web pages that is then executed by a user's browser. This code can steal cookies, access private information, perform actions on the user's behalf, and redirect them to malicious websites. XSS works by having the server display input containing malicious JavaScript from a request. There are different types of XSS attacks, including non-persistent, persistent, and DOM-based attacks. Prevention methods include validating, sanitizing, and escaping all user input on the server-side and client-side. Web vulnerability scanners like Burp Suite can help test for XSS and other vulnerabilities.
Cross Site Scripting(XSS)
Cross Site Scripting(XSS)Nabin Dutta Cross-site scripting (XSS) allows malicious code to be injected into web applications, potentially enabling attacks like cookie theft, account hijacking, and phishing. There are three main types of XSS attacks: reflected, stored, and DOM-based. Reflected XSS tricks the user into clicking a malicious link, while stored XSS embeds malicious code directly into the website. DOM-based XSS targets vulnerabilities in client-side scripts. XSS remains a significant threat and proper input validation and output encoding are needed to help prevent attacks.
Reflective and Stored XSS- Cross Site Scripting
Reflective and Stored XSS- Cross Site ScriptingInMobi Technology This presentation is from Null/OWASP/G4H November Bangalore MeetUp 2014.
technology.inmobi.com/events/null-owasp-g4h-november-meetup
Talk Outline:-
A) Reflective-(Non-Persistent Cross-site Scripting)
- What is Reflective Cross-site scripting.
- Testing for Reflected Cross site scripting
How to Test
- Black Box testing
- Bypass XSS filters
- Gray Box testing
Tools
Defending Against Reflective Cross-site scripting.
Examples of Reflective Cross-Site Scripting Attacks.
B) Stored -(Persistent Cross-site Scripting)
What is Stored Cross-site scripting.
How to Test
- Black Box testing
- Gray Box testing
Tools
Defending Against Stored Cross-site scripting.
Examples of Stored Cross-Site Scripting Attacks.
Cross site scripting
Cross site scriptingkinish kumar Cross Site Scripting (XSS) is a type of vulnerability that allows attackers to inject client-side scripts into web pages viewed by other users. There are three main types: persistent XSS saves the attack script on the server; reflected XSS executes a script based on user-supplied input; and DOM-based XSS occurs when active browser content processes untrusted user input. Attackers use XSS to steal session cookies or other private information that can be used to impersonate users.
Cross site scripting
Cross site scriptingashutosh rai Cross-site scripting (XSS) is a type of attack where malicious scripts are injected into vulnerable websites. There are two main types: persistent XSS, where the script is permanently stored on the website, and non-persistent XSS, which uses a specially crafted link. XSS can be prevented through input validation, disabling scripting languages, user education, and browser security updates. The worst-case scenario is that an XSS vulnerability could allow a site to be used as a platform for further attacks against users and connected websites. While XSS malware is still emerging, its techniques continue to evolve posing growing risks.
XSS-Alert-Pentration testing tool
XSS-Alert-Pentration testing toolArjun Jain This document summarizes a presentation on cross-site scripting (XSS) attacks and the XSS Alert tool. It defines XSS as enabling attackers to inject client-side scripts into web pages. It describes three types of XSS attacks and provides an example of a reflected XSS attack. It also discusses DOM security, how XSS Alert works to detect XSS vulnerabilities, and demonstrates an XSS attack on a Yahoo server.
XSS - Do you know EVERYTHING?
XSS - Do you know EVERYTHING?Yurii Bilyk This document discusses cross-site scripting (XSS) attacks and techniques for bypassing web application firewalls (WAFs) that aim to prevent XSS. It explains how XSS payloads can be embedded in XML, GIF images, and clipboard data to exploit browser parsing behaviors. The document also provides examples of encoding payloads in complex ways like JS-F**K to evade WAF signature rules.
Xss (cross site scripting)
Xss (cross site scripting)vinayh.vaghamshi _ Cross-site scripting (XSS) is a type of vulnerability in web applications that allows attackers to inject client-side scripts. There are three main types of XSS - reflected XSS occurs when malicious scripts are included in links or requests to the server, stored XSS happens when scripts are stored on the server through forums or comments, and local XSS executes without contacting the server through PDFs or Flash. XSS can lead to compromised user accounts, denial of service attacks, or access to users' local machines. Developers can prevent XSS through input validation, encoding output, and keeping software updated.
Cross site scripting attacks and defenses
Cross site scripting attacks and defensesMohammed A. Imran Cross-site scripting (XSS) is an injection attack where malicious scripts are injected into otherwise trusted sites. There are three main types of XSS attacks: reflected XSS occurs via URLs, stored XSS occurs when scripts are stored in a database and delivered to users, and DOM-based XSS modifies the DOM environment. XSS attacks can lead to issues like session hijacking, phishing, and port scanning. Developers can prevent XSS by validating and encoding untrusted data, and using HTTP-only and secure flags for cookies.
Cross Site Scripting (XSS)
Cross Site Scripting (XSS)Barrel Software This document discusses cross-site scripting (XSS) attacks against mobile applications. It defines XSS as a type of injection where malicious scripts are injected into trusted websites. The document describes three types of XSS attacks - reflected XSS, stored XSS, and DOM-based XSS. It provides examples of each type of attack and how attackers are able to execute scripts on a victim's machine by injecting code. The document concludes with recommendations for preventing XSS attacks, including validating all input data, encoding all output data, and setting the proper character encoding.
Deep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL InjectionVishal Kumar This presentation will provide you the deep knowledge of the Cross-Site Scripting and SQL Injection with the remediation and prevention measures.
XSS- an application security vulnerability
XSS- an application security vulnerabilitySoumyasanto Sen One of the most typical web application security vulnerabilities Cross-Site Scripting (XSS). What does it mean to Developer?
How they are important? What should we keep in mind? How could we prevent this to some extend as Developer? How Attackers proceed? Many mores..
Cross site scripting (xss) attacks issues and defense - by sandeep kumbhar
Cross site scripting (xss) attacks issues and defense - by sandeep kumbharSandeep Kumbhar Introduction
Impact of XSS attacks
Types of XSS attacks
Detection of XSS attacks
Prevention of XSS attacks
At client side
At Server-side
Conclusion
References
Xss is more than a simple threat
Xss is more than a simple threatAvădănei Andrei XSS (cross-site scripting) is a client-side vulnerability that allows injection of malicious JavaScript which can then be run on a victim's browser. The document discusses different types of XSS (non-persistent, persistent, DOM-based), examples of how to perform basic and advanced XSS attacks, ways XSS has been used on major websites, and how attackers can exploit XSS vulnerabilities for activities like session hijacking, cookie stealing, clickjacking, and more.
Cross site scripting (xss)
Cross site scripting (xss)Manish Kumar Cross-site scripting (XSS) allows malicious code injection into web applications. There are three types of XSS vulnerabilities: non-persistent, persistent, and DOM-based. To avoid XSS, developers should eliminate scripts, secure cookies, validate input, and filter/escape output. Proper coding practices can help prevent XSS attacks.
What is xss, blind xss and xploiting google gadgets
What is xss, blind xss and xploiting google gadgetsZiv Ginsberg Explanation on what are the types of XSS attacks,
What is Blind XSS
And the security hole google had in gmodules
XSS Injection Vulnerabilities
XSS Injection VulnerabilitiesMindfire Solutions This presentation explores on how to test Cross site scripting Injection Vulnerabilities, prevention, Best practice, small lab(introduction to web
goat) etc.
Cross site scripting
Cross site scriptingn|u - The Open Security Community Cross Site Scripting (XSS) is a type of injection attack where malicious scripts are injected into otherwise benign and trusted websites. XSS has been a top web application vulnerability since 1996. There are three main types of XSS attacks: reflected XSS, stored XSS, and DOM-based XSS. Reflected XSS occurs when malicious scripts come from URLs, while stored XSS happens when scripts are stored on websites. XSS can be used to steal cookies and sessions, redirect users, alter website contents, and damage an organization's reputation. Developers can prevent XSS through input validation, output encoding, and using the HttpOnly flag.
Web Security - OWASP - SQL injection & Cross Site Scripting XSS
Web Security - OWASP - SQL injection & Cross Site Scripting XSSIvan Ortega XSS vulnerabilities allow attackers to inject malicious scripts into web pages viewed by other users. There are three main types: stored XSS injects scripts into stored data like forums; reflected XSS uses malicious links; DOM-based XSS modifies the DOM. Successful XSS can steal users' cookies and passwords, hijack sessions, deface websites, and distribute malware. Developers can prevent XSS by escaping untrusted data, using safe templating systems, and implementing a content security policy.
Ad
More Related Content
What's hot (20)
Cross site scripting XSS
Cross site scripting XSSRonan Dunne, CEH, SSCP Cross-site scripting (XSS) is one of the most common web application attacks, where malicious scripts are injected into otherwise benign websites. There are three main types of XSS attacks - stored, reflected, and DOM-based. To prevent XSS, developers should sanitize user input by removing hazardous characters, properly escape untrusted output before displaying it, and enforce a specific character encoding.
Cross Site Scripting Going Beyond the Alert Box
Cross Site Scripting Going Beyond the Alert BoxAaron Weaver The document discusses cross-site scripting (XSS) flaws that occur when untrusted user data is included on a webpage without validation or encoding. XSS allows attackers to execute scripts in a victim's browser by tricking them into visiting a malicious website. The document provides examples of XSS payloads and links to learn more about prevention and filters.
Cross Site Scripting
Cross Site ScriptingAli Mattash Cross-Site Scripting (XSS) is a security vulnerability that allows malicious code to be injected into web pages viewed by other users. There are three main types of XSS attacks: non-persistent reflects the user's input back without filtering; persistent stores the input and displays it later to other users; and DOM-based exploits vulnerabilities in client-side scripts. XSS attacks are used to hijack user accounts, steal cookies, and conduct phishing scams. Developers can prevent XSS by sanitizing all user input, using encoding on untrusted fields, and keeping software updated.
Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Amit Tyagi Cross Site Scripting (XSS) is a vulnerability that allows malicious users to insert client-side code into web pages that is then executed by a user's browser. This code can steal cookies, access private information, perform actions on the user's behalf, and redirect them to malicious websites. XSS works by having the server display input containing malicious JavaScript from a request. There are different types of XSS attacks, including non-persistent, persistent, and DOM-based attacks. Prevention methods include validating, sanitizing, and escaping all user input on the server-side and client-side. Web vulnerability scanners like Burp Suite can help test for XSS and other vulnerabilities.
Cross Site Scripting(XSS)
Cross Site Scripting(XSS)Nabin Dutta Cross-site scripting (XSS) allows malicious code to be injected into web applications, potentially enabling attacks like cookie theft, account hijacking, and phishing. There are three main types of XSS attacks: reflected, stored, and DOM-based. Reflected XSS tricks the user into clicking a malicious link, while stored XSS embeds malicious code directly into the website. DOM-based XSS targets vulnerabilities in client-side scripts. XSS remains a significant threat and proper input validation and output encoding are needed to help prevent attacks.
Reflective and Stored XSS- Cross Site Scripting
Reflective and Stored XSS- Cross Site ScriptingInMobi Technology This presentation is from Null/OWASP/G4H November Bangalore MeetUp 2014.
technology.inmobi.com/events/null-owasp-g4h-november-meetup
Talk Outline:-
A) Reflective-(Non-Persistent Cross-site Scripting)
- What is Reflective Cross-site scripting.
- Testing for Reflected Cross site scripting
How to Test
- Black Box testing
- Bypass XSS filters
- Gray Box testing
Tools
Defending Against Reflective Cross-site scripting.
Examples of Reflective Cross-Site Scripting Attacks.
B) Stored -(Persistent Cross-site Scripting)
What is Stored Cross-site scripting.
How to Test
- Black Box testing
- Gray Box testing
Tools
Defending Against Stored Cross-site scripting.
Examples of Stored Cross-Site Scripting Attacks.
Cross site scripting
Cross site scriptingkinish kumar Cross Site Scripting (XSS) is a type of vulnerability that allows attackers to inject client-side scripts into web pages viewed by other users. There are three main types: persistent XSS saves the attack script on the server; reflected XSS executes a script based on user-supplied input; and DOM-based XSS occurs when active browser content processes untrusted user input. Attackers use XSS to steal session cookies or other private information that can be used to impersonate users.
Cross site scripting
Cross site scriptingashutosh rai Cross-site scripting (XSS) is a type of attack where malicious scripts are injected into vulnerable websites. There are two main types: persistent XSS, where the script is permanently stored on the website, and non-persistent XSS, which uses a specially crafted link. XSS can be prevented through input validation, disabling scripting languages, user education, and browser security updates. The worst-case scenario is that an XSS vulnerability could allow a site to be used as a platform for further attacks against users and connected websites. While XSS malware is still emerging, its techniques continue to evolve posing growing risks.
XSS-Alert-Pentration testing tool
XSS-Alert-Pentration testing toolArjun Jain This document summarizes a presentation on cross-site scripting (XSS) attacks and the XSS Alert tool. It defines XSS as enabling attackers to inject client-side scripts into web pages. It describes three types of XSS attacks and provides an example of a reflected XSS attack. It also discusses DOM security, how XSS Alert works to detect XSS vulnerabilities, and demonstrates an XSS attack on a Yahoo server.
XSS - Do you know EVERYTHING?
XSS - Do you know EVERYTHING?Yurii Bilyk This document discusses cross-site scripting (XSS) attacks and techniques for bypassing web application firewalls (WAFs) that aim to prevent XSS. It explains how XSS payloads can be embedded in XML, GIF images, and clipboard data to exploit browser parsing behaviors. The document also provides examples of encoding payloads in complex ways like JS-F**K to evade WAF signature rules.
Xss (cross site scripting)
Xss (cross site scripting)vinayh.vaghamshi _ Cross-site scripting (XSS) is a type of vulnerability in web applications that allows attackers to inject client-side scripts. There are three main types of XSS - reflected XSS occurs when malicious scripts are included in links or requests to the server, stored XSS happens when scripts are stored on the server through forums or comments, and local XSS executes without contacting the server through PDFs or Flash. XSS can lead to compromised user accounts, denial of service attacks, or access to users' local machines. Developers can prevent XSS through input validation, encoding output, and keeping software updated.
Cross site scripting attacks and defenses
Cross site scripting attacks and defensesMohammed A. Imran Cross-site scripting (XSS) is an injection attack where malicious scripts are injected into otherwise trusted sites. There are three main types of XSS attacks: reflected XSS occurs via URLs, stored XSS occurs when scripts are stored in a database and delivered to users, and DOM-based XSS modifies the DOM environment. XSS attacks can lead to issues like session hijacking, phishing, and port scanning. Developers can prevent XSS by validating and encoding untrusted data, and using HTTP-only and secure flags for cookies.
Cross Site Scripting (XSS)
Cross Site Scripting (XSS)Barrel Software This document discusses cross-site scripting (XSS) attacks against mobile applications. It defines XSS as a type of injection where malicious scripts are injected into trusted websites. The document describes three types of XSS attacks - reflected XSS, stored XSS, and DOM-based XSS. It provides examples of each type of attack and how attackers are able to execute scripts on a victim's machine by injecting code. The document concludes with recommendations for preventing XSS attacks, including validating all input data, encoding all output data, and setting the proper character encoding.
Deep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL InjectionVishal Kumar This presentation will provide you the deep knowledge of the Cross-Site Scripting and SQL Injection with the remediation and prevention measures.
XSS- an application security vulnerability
XSS- an application security vulnerabilitySoumyasanto Sen One of the most typical web application security vulnerabilities Cross-Site Scripting (XSS). What does it mean to Developer?
How they are important? What should we keep in mind? How could we prevent this to some extend as Developer? How Attackers proceed? Many mores..
Cross site scripting (xss) attacks issues and defense - by sandeep kumbhar
Cross site scripting (xss) attacks issues and defense - by sandeep kumbharSandeep Kumbhar Introduction
Impact of XSS attacks
Types of XSS attacks
Detection of XSS attacks
Prevention of XSS attacks
At client side
At Server-side
Conclusion
References
Xss is more than a simple threat
Xss is more than a simple threatAvădănei Andrei XSS (cross-site scripting) is a client-side vulnerability that allows injection of malicious JavaScript which can then be run on a victim's browser. The document discusses different types of XSS (non-persistent, persistent, DOM-based), examples of how to perform basic and advanced XSS attacks, ways XSS has been used on major websites, and how attackers can exploit XSS vulnerabilities for activities like session hijacking, cookie stealing, clickjacking, and more.
Cross site scripting (xss)
Cross site scripting (xss)Manish Kumar Cross-site scripting (XSS) allows malicious code injection into web applications. There are three types of XSS vulnerabilities: non-persistent, persistent, and DOM-based. To avoid XSS, developers should eliminate scripts, secure cookies, validate input, and filter/escape output. Proper coding practices can help prevent XSS attacks.
What is xss, blind xss and xploiting google gadgets
What is xss, blind xss and xploiting google gadgetsZiv Ginsberg Explanation on what are the types of XSS attacks,
What is Blind XSS
And the security hole google had in gmodules
XSS Injection Vulnerabilities
XSS Injection VulnerabilitiesMindfire Solutions This presentation explores on how to test Cross site scripting Injection Vulnerabilities, prevention, Best practice, small lab(introduction to web
goat) etc.
Viewers also liked (15)
Cross site scripting
Cross site scriptingn|u - The Open Security Community Cross Site Scripting (XSS) is a type of injection attack where malicious scripts are injected into otherwise benign and trusted websites. XSS has been a top web application vulnerability since 1996. There are three main types of XSS attacks: reflected XSS, stored XSS, and DOM-based XSS. Reflected XSS occurs when malicious scripts come from URLs, while stored XSS happens when scripts are stored on websites. XSS can be used to steal cookies and sessions, redirect users, alter website contents, and damage an organization's reputation. Developers can prevent XSS through input validation, output encoding, and using the HttpOnly flag.
Web Security - OWASP - SQL injection & Cross Site Scripting XSS
Web Security - OWASP - SQL injection & Cross Site Scripting XSSIvan Ortega XSS vulnerabilities allow attackers to inject malicious scripts into web pages viewed by other users. There are three main types: stored XSS injects scripts into stored data like forums; reflected XSS uses malicious links; DOM-based XSS modifies the DOM. Successful XSS can steal users' cookies and passwords, hijack sessions, deface websites, and distribute malware. Developers can prevent XSS by escaping untrusted data, using safe templating systems, and implementing a content security policy.
Cross site scripting (xss)
Cross site scripting (xss)Ritesh Gupta Cross-site scripting (XSS) is a vulnerability that allows malicious code to be injected into web applications. There are two types: reflected (non-persistent) XSS occurs when malicious code is reflected off a web server in responses like errors or search results. Stored (persistent) XSS occurs when malicious code is saved in a database and then displayed to users. XSS attacks can steal user cookies and private information, redirect users to malicious sites, and perform actions as the victim.
XSS - Attacks & Defense
XSS - Attacks & DefenseBlueinfy Solutions This document discusses cross-site scripting (XSS) attacks and defenses. It describes different types of XSS (persistent, non-persistent, DOM-based), how XSS attacks work, and examples of XSS injection vectors. It also provides recommendations for preventing XSS, including encoding output, sanitizing input, and using features like HttpOnly cookies.
Man in the Middle? - No, thank you!
Man in the Middle? - No, thank you!Daniel Schneller The document discusses techniques for validating SSL certificates to prevent man-in-the-middle attacks. It describes reference certificates, where the client bundles the server's certificate and compares it to the one presented. It also covers certificate fingerprinting, where the client compares the certificate's fingerprint to a trusted reference. Both approaches aim to detect if a rogue certificate is intercepting the connection between client and server. The document cautions that certificate changes over time could break validation and recommends updating apps and references in a timely manner.
Xss what the heck-!
Xss what the heck-!VodqaBLR Cross-site scripting (XSS) occurs when web applications display user-supplied data without validation or encoding, allowing attackers to execute scripts in a victim's browser. There are two main types: reflective XSS, where malicious scripts come from user-supplied data included in the same page; and persistent XSS, where scripts are stored on the server. Prevention techniques include input validation, output encoding, and content security policies. Tools like XSS Me and Burp Suite can help identify vulnerabilities, while future references include XSS cheat sheets for testing and prevention best practices.
Xss
XssRajendra Dangwal Cross-site scripting (XSS) is a vulnerability that allows malicious code to be injected into web applications. There are two types of XSS attacks - reflected XSS occurs through links on other sites that pass malicious scripts, while stored XSS stores scripts in databases to be displayed for other users. XSS attacks can steal users' cookies and private information, redirect users to malicious sites, and perform actions as the victim. Developers can prevent XSS by validating all input data from users before displaying it and encoding output.
Cross Site Scripting (XSS) Defense with Java
Cross Site Scripting (XSS) Defense with JavaJim Manico Cross Site Scripting Defense is difficult. The Java Programming language does not provide native key defenses necessary to throughly prevent XSS. As technologies such as Content Security Policy emerge, we still need pragmatic advice to stop XSS in legacy applications as well as new applications using traditional Java frameworks. First generation encoding libraries had both performance and completeness problems that prevent developers from through, production-safe XSS defense. This talk will deeply review the OWASP Java Encoder Project and the OWASP HTML Sanitizer Project and give detailed code samples highlighting their use. Additional advice on next-generation JavaScript and JSON workflows using the OWASP JSON Sanitizer will also be reviewed.
man in the middle
man in the middleapurv_verma007 This document discusses man-in-the-middle attacks against cryptographic protocols. It describes two classes of man-in-the-middle attacks - passive attacks where the attacker can only monitor communications, and active attacks where the attacker can modify messages. It then gives an example of how a man-in-the-middle attack works against key exchange protocols by replacing one party's public key. Finally, it provides an example of how the Diffie-Hellman key exchange protocol allows two parties to securely generate a shared secret key to prevent such man-in-the-middle attacks.
Cross Site Scripting - Web Defacement Techniques
Cross Site Scripting - Web Defacement TechniquesRonan Dunne, CEH, SSCP Website defacement involves changing the visual appearance of a website or webpage by exploiting a vulnerability. The document discusses testing website defacement by capturing requests using ZAP proxy and replacing content with malicious code to bypass client-side protections. It then provides examples of defacement techniques like redirecting to hacked images, adding hacked images, covering the page with hacked text, and changing the background. Finally, it recommends server-side input filtering, output escaping, and enforcing a character encoding to prevent defacement attacks.
X-XSS-Nightmare: 1; mode=attack XSS Attacks Exploiting XSS Filter
X-XSS-Nightmare: 1; mode=attack XSS Attacks Exploiting XSS FilterMasato Kinugawa 2015/12: I removed some slides because some vectors are not fixed yet.
2016/12: Disclosed full verson
Man in the Middle Atack
Man in the Middle AtackSDU CYBERLAB Man in the Middle Atack | http://cyberlab.sdu.edu.tr | [email protected]
XXE Exposed: SQLi, XSS, XXE and XEE against Web Services
XXE Exposed: SQLi, XSS, XXE and XEE against Web ServicesAbraham Aranguren XXE Exposed Webinar Slides:
Brief coverage of SQLi and XSS against Web Services to then talk about XXE and XEE attacks and mitigation. Heavily inspired on the "Practical Web Defense" (PWD) style of pwnage + fixing (https://www.elearnsecurity.com/PWD)
Full recording here:
NOTE: (~20 minute) XXE + XEE Demo Recording starts at minute 25
https://www.elearnsecurity.com/collateral/webinar/xxe-exposed/
XSS and CSRF with HTML5
XSS and CSRF with HTML5Shreeraj Shah This document discusses cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks in HTML5. It begins with an overview of the evolution of HTML and the expansion of the browser attack surface with new technologies. It then covers specific XSS vectors using new HTML5 features like media tags, autofocus attributes, and forms. The document also examines how CSRF can be conducted using HTML5 features like XMLHttpRequests and bypassing the same-origin policy and CORS restrictions. Defense techniques like content security policy headers are also discussed.
Man In The Middle - Hacking Illustrated
Man In The Middle - Hacking IllustratedInfoSec Institute See how man-in-the-middle is performed. Step by step instructions and diagrams showing how this attack works
Ad
Similar to Cross Site Scripting (XSS) (20)
15 owasp top 10 - a3-xss
15 owasp top 10 - a3-xssappsec Cross-site scripting (XSS) occurs when malicious scripts are injected into otherwise benign and trusted websites. The scripts, which are often injected by attackers into forums, guestbooks, or other public servers, can steal user session cookies and passwords, rewrite pages, redirect users, and install malware. XSS vulnerabilities allow these scripts to masquerade as legitimate content on a vulnerable site and can impact all users. Proper output encoding of untrusted data when displayed on a website is recommended to prevent XSS flaws.
Hack proof your ASP NET Applications
Hack proof your ASP NET ApplicationsSarvesh Kushwaha This presentation includes information about different attacks on an asp.net web application and how to secure from those attacks.
Hacking WebApps for fun and profit : how to approach a target?
Hacking WebApps for fun and profit : how to approach a target?Yassine Aboukir Above are my slides I used during a workshop I conducted at the Moroccan Cyber Security Camp back in May 2017.
04. xss and encoding
04. xss and encodingEoin Keary XSS (cross-site scripting) is a common web vulnerability that allows attackers to inject client-side scripts. The document discusses various types of XSS attacks and defenses against them. It covers:
1) Reflected/transient XSS occurs when untrusted data in URL parameters is immediately displayed without sanitization. Stored/persistent XSS occurs when untrusted data is stored and later displayed. DOM-based XSS manipulates the DOM.
2) Defenses include HTML/URL encoding untrusted data before displaying it, validating all inputs, and using context-specific encoding for HTML elements, attributes, JavaScript, and URLs.
3) The OWASP Java Encoder Project and Microsoft Anti
Building Client-Side Attacks with HTML5 Features
Building Client-Side Attacks with HTML5 FeaturesConviso Application Security Palestra ministrada no OWASP Floripa Day - Florianópolis - SC |
A palestra tem como objetivo mostrar os conceitos e funcionamento de algumas funcionalidades que foram adicionadas ao HTML5, levando em consideração os aspectos de segurança do client-side. Para as funcionalidades destacadas, foram criados cenários de ataques visando ilustrar a obtenção de informações sensíves armazenadas no browser ou até mesmo usar o browser da vítima para lançar ataques contra outros sistemas. Através da exploração das funcionalidades existentes no HTML5, técnicas de exploração como XSS e CSRF, tornam-se mais poderosas e eficientes, sendo possível em alguns casos contornar algumas restrições do Same Origin Policiy (SOP).
Cross site scripting 
Cross site scripting Bilal Mazhar MS(IS)Cyber Security II Privacy Professional Cross-site scripting (XSS) is a type of web application vulnerability where malicious scripts are injected into otherwise benign web pages. There are three main types of XSS attacks: stored XSS, reflected XSS, and DOM-based XSS. XSS vulnerabilities have affected many major websites and can enable account hijacking, cookie theft, and other malicious activities. Developers can prevent XSS by encoding untrusted inputs, validating inputs, and using security libraries that filter malicious scripts.
Browser Security 101 
Browser Security 101 Stormpath Join Stormpath Developer Evangelist, Robert Damphousse, to dive deep into browser security. Robert will explain how Session IDs, Man in the Middle (MITM), Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF) attacks work, and how to use cookies to support security best practices.
Topics Covered:
- Security concerns for modern web apps
- Cookies, the right way
- MITM, XSS, and CSRF attacks
- Session ID problems
- Examples in an Angular app
2013 OWASP Top 10
2013 OWASP Top 10bilcorry 2013 OWASP Top 10 presentation, slightly modified for a presentation I did at the Lasso Developer Conference in Niagara Falls.
The top 10 security issues in web applications
The top 10 security issues in web applicationsDevnology The top 10 security issues in web applications are:
1. Injection flaws such as SQL, OS, and LDAP injection.
2. Cross-site scripting (XSS) vulnerabilities that allow attackers to execute scripts in a victim's browser.
3. Broken authentication and session management, such as not logging users out properly or exposing session IDs.
4. Insecure direct object references where users can directly access files without authorization checks.
5. Cross-site request forgery (CSRF) that tricks a user into performing actions they did not intend.
6. Security misconfiguration of web or application servers.
7. Insecure cryptographic storage of passwords or sensitive data.
8
www.webre24h.com - Ajax security
www.webre24h.com - Ajax securitywebre24h Ajax enables asynchronous communication between the client and server in web applications. While this improves the user experience, it also increases security risks. Ajax applications have a larger attack surface since client-side code can directly access server-side functions. Cross-site scripting attacks are also more dangerous as injected scripts can make authenticated requests without reloading the page. Bridges used to connect Ajax applications to third-party services can act as open proxies and expose vulnerabilities in those other systems if not properly secured. Developers must validate all user-supplied inputs to Ajax functions to prevent attacks.
Devouring Security Insufficient data validation risks Cross Site Scripting
Devouring Security Insufficient data validation risks Cross Site Scriptinggmaran23 Devouring Security: Insufficient Data Validation Risks - Cross Site Scripting (XSS)
• Risk, Stories & the news
• XSS Anatomy
• Untrusted Data Sources – Well, Where did that come from?
• Shouldn’t it be called CSS instead?
• Types of XSS
- Type 0 [DOM based]
- Type 1 [Reflected or Non-persistent XSS]
- Type 2 [Persistent or Stored XSS]
• Live Demo: XSS 101 with alert('hello XSS world')
• Live Demo: Cookie Hijacking and Privilege Escalation
- Face/Off with John Travolta and Nicolas Cage
• Live Demo: Let’s deploy some Key loggers,huh?
• Mitigations
- Input Sanitization
- Popular Libraries for .Net, Java, php
Demo: Input sanitization
- Whitelists (vs. Blackists)
- Output Encoding
Contextual
Demo: Output Encoding
- Browser Protections & bypasses
- Framework Protections & bypasses
- Content Security Policy (CSP) in brief
• Secure Code reviews: Spot an XSS, How?
• Tools: Do we have an option?
• XSS Buzz and how to Fuzz
• Renowned Cheat sheets
• Further reading & References
Warning Ahead: SecurityStorms are Brewing in Your JavaScript
Warning Ahead: SecurityStorms are Brewing in Your JavaScriptCyber Security Alliance JavaScript controls our lives – we use it to zoom in and out of a map, to automatically schedule doctor appointments and toplay online games. But have we ever properly considered thesecurity state of this scripting language? Before dismissing the (in)security posture of JavaScript on the grounds of a client-side problem, consider the impact ofJavaScript vulnerability exploitation to the enterprise: from stealing serverside data to infecting users with malware. Hackers are beginning to recognize this new playground and are quicklyadding JavaScript exploitation tools to their Web attack arsenal.
OWASP top 10-2013
OWASP top 10-2013tmd800 The document summarizes the OWASP Top 10 risks for 2013 and provides details on each risk. It introduces the new title for the risks as the "Top 10 Most Critical Web Application Security Risks" and notes they are now based on a risk rating methodology. Injection, XSS, and broken authentication remain the top risks. The document provides examples and recommendations for avoiding each risk.
Building Secure User Interfaces With JWTs (JSON Web Tokens)
Building Secure User Interfaces With JWTs (JSON Web Tokens)Stormpath With new tools like Angular.js and Node.js, it is easier than ever to build User Interfaces and Single-Page Applications (SPAs) backed by APIs.
But how to do it securely? Web browsers are woefully insecure, and hand-rolled APIs are risky.
In this presentation, Robert Damphousse, lead front-end developer at Stormpath, covers web browser security issues, technical best practices and how you can mitigate potential risks. Enjoy!
Topics Covered:
1. Security Concerns for Modern Web Apps
2. Cookies, The Right Way
3. Session ID Problems
4. Token Authentication to the rescue!
5. Angular Examples
XSS Defence with @manicode and @eoinkeary
XSS Defence with @manicode and @eoinkearyEoin Keary The document discusses various techniques for preventing cross-site scripting (XSS) attacks, including encoding untrusted data for different contexts, using content security policy (CSP), and jQuery encoding plugins. It provides examples of using encoding libraries like OWASP Encoder to sanitize input for HTML, JavaScript, CSS, and more. It also describes DOM-based XSS defenses, avoiding dangerous jQuery methods, and the structure of CSP violation reports.
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsNiyas Nazar Microsoft powerpoint presentation for BTech academic seminar.This seminar discuses about penetration testing, penetration testing tools, web application vulnerabilities, impact of vulnerabilities and security recommendations.
Complete xss walkthrough
Complete xss walkthroughAhmed Elhady Mohamed The document provides a complete walkthrough of cross-site scripting (XSS) vulnerabilities, including:
1) It defines XSS and explains that it allows attackers to inject client-side scripts.
2) It describes three types of XSS - stored (persistent), reflected (non-persistent), and DOM-based - and provides examples of each.
3) It discusses advanced techniques attackers use to bypass input filtering, such as uppercasing tags to avoid lowercase filters or using ASCII character codes.
EN - BlackHat US 2009 favorite XSS Filters-IDS and how to attack them.pdf
EN - BlackHat US 2009 favorite XSS Filters-IDS and how to attack them.pdfGiorgiRcheulishvili This document discusses various cross-site scripting (XSS) evasion techniques and evaluates the effectiveness of popular XSS filters and intrusion detection systems (IDS), including ModSecurity, PHP-IDS, and Internet Explorer 8. It provides examples of how attacks can bypass these defenses by exploiting Unicode encoding, HTML/JavaScript tricks, and other methods. The author argues that most filters are ineffective at blocking all XSS variations and recommends ways to strengthen XSS filtering.
RSA Conference 2010 San Francisco
RSA Conference 2010 San FranciscoAditya K Sood This document summarizes a presentation on XSS filters versus payloads. It discusses how XSS remains a prevalent web vulnerability despite various filters. The presentation covers XSS payload techniques like randomization and camouflaging, as well as how filters use approaches like sanitization, parameter filtering, and regular expressions that can be bypassed. It emphasizes that the arms race between filters and payloads will continue as each evolves over time.
XSS (Cross Site Scripting)
XSS (Cross Site Scripting)Shubham Gupta This document provides an introduction and overview of cross-site scripting (XSS) attacks. It discusses the impact of XSS, the different types (non-persistent, persistent, DOM-based), how XSS works by injecting client-side code through web requests, and includes demos. The document concludes with recommendations for preventing XSS, including validating and encoding input and output to avoid injecting malicious scripts.
Ad
More from OWASP Khartoum (11)
Cryptocurrency, a deep dive
Cryptocurrency, a deep diveOWASP Khartoum the past, present and future of crypto-currnecy, the logic and science behind, and a deep dive into what this phenomena is.
Usable Security: Tips for Daily Life
Usable Security: Tips for Daily LifeOWASP Khartoum Why is security important for everyone? Should you care about your data? How can we remember long, complex passwords? What harm can a link do to my online life? Should we be paranoid? How can we improve our online security?
Our speaker Ahmed Musaad tries to answer these questions in his presentation from our latest event that was held on 29th July, 2017.
API IN(SECURITY)
API IN(SECURITY)OWASP Khartoum What are APIs? Why are they important in our life? What can go wrong if they were mishandled? How can we make them more secure?
Our Speaker Asim Jaweesh answers these questions in his presentation on API Insecurity.
SSH - From Zero to Hero
SSH - From Zero to HeroOWASP Khartoum A quick introduction to the Secure Shell (SSH) protocol, presented by Mazin Ahmed at OWASP Khartoum latest event held on 29th July, 2017.
OWASP Khartoum Cyber Security Session
OWASP Khartoum Cyber Security SessionOWASP Khartoum Cybernetics and space exploration are closely intertwined fields. The document discusses how cybernetics, the science of communication and control in animals and machines, has played a key role in enabling space exploration through technologies like automated systems, robotics, and remote control. Cybernetics continues to be important for advancing space technologies and enabling deeper exploration of space.
Computer forensic 101 - OWASP Khartoum
Computer forensic 101 - OWASP KhartoumOWASP Khartoum An Introduction to Computer Forensics Field ... Some Information's about the Field .. Some Demos ... How to be a Forensic expert ... Forensics Steps .... Dark Side of Forensics .... and lot more great Information's .....
Welcome to OWASP World
Welcome to OWASP WorldOWASP Khartoum OWASP is a nonprofit organization focused on improving software security. The OWASP Khartoum chapter holds regular meetings and conferences to raise awareness of security issues and discuss the OWASP Top 10 risks. The chapter is open to students, developers, security professionals and others interested in learning about information security.
OWASP Khartoum - Top 10 A5 - 7th meeting - Cross Site Request Forgery
OWASP Khartoum - Top 10 A5 - 7th meeting - Cross Site Request ForgeryOWASP Khartoum Cross Site Request Forgery (CSRF) is a type of attack that forces a logged-in user's browser to send a forged HTTP request to a vulnerable web application, including the user's session cookie and any other authentication information. The document discusses CSRF attacks, provides detection and protection techniques, and notes that CSRF is listed as the fifth most critical vulnerability in the OWASP Top 10 list. Protection techniques discussed include using tokens or nonces, checking the HTTP referrer, using double submit cookies, and implementing challenge-response authentication.
OWASP Khartoum Top 10 A3 - 6th meeting
OWASP Khartoum Top 10 A3 - 6th meetingOWASP Khartoum The document discusses broken authentication and session management, which is the third most critical web application security risk according to OWASP. It defines authentication and session management, notes that broken implementations can allow attackers access to any user account, and outlines environments that are affected. The document recommends implementing strong authentication and session management practices to protect against attacks like credential theft, session hijacking, and fixation. Developers should follow OWASP best practices and leverage tools like ESAPI rather than attempting to build these capabilities themselves.
OWASP Khartoum - Top 10 A6 - 8th meeting - Security Misconfiguration
OWASP Khartoum - Top 10 A6 - 8th meeting - Security MisconfigurationOWASP Khartoum The document discusses the security risk of misconfigured systems known as Khartoum. It notes that system administrators, database administrators, and developers sometimes leave security holes in the configuration of computer systems. Misconfigurations can occur at various levels, including the platform, web server, application server, frameworks, and custom code. The document provides examples of misconfiguration risks and recommends securely configuring all aspects of a system to prevent exploitation.
OWASP Khartoum Top 10 A4 - 7th meeting
OWASP Khartoum Top 10 A4 - 7th meetingOWASP Khartoum Insecure Direct Object Reference is a vulnerability that occurs when developers expose references to internal implementation objects like files, directories or database keys without access control checks. Attackers can manipulate these references to access unauthorized data. The document discusses the definition, scenarios, detection and protection methods for this vulnerability. It recommends using indirect object references or access control checks on direct references to protect against insecure direct object references.
Recently uploaded (20)
LDMMIA Reiki Master Spring 2025 Mini Updates
LDMMIA Reiki Master Spring 2025 Mini UpdatesLDM Mia eStudios As of Mid to April Ending, I am building a new Reiki-Yoga Series. No worries, they are free workshops. So far, I have 3 presentations so its a gradual process. If interested visit: https://www.slideshare.net/YogaPrincess
https://ldmchapels.weebly.com
Blessings and Happy Spring. We are hitting Mid Season.
CBSE - Grade 8 - Science - Chemistry - Metals and Non Metals - Worksheet
CBSE - Grade 8 - Science - Chemistry - Metals and Non Metals - WorksheetSritoma Majumder Introduction
All the materials around us are made up of elements. These elements can be broadly divided into two major groups:
Metals
Non-Metals
Each group has its own unique physical and chemical properties. Let's understand them one by one.
Physical Properties
1. Appearance
Metals: Shiny (lustrous). Example: gold, silver, copper.
Non-metals: Dull appearance (except iodine, which is shiny).
2. Hardness
Metals: Generally hard. Example: iron.
Non-metals: Usually soft (except diamond, a form of carbon, which is very hard).
3. State
Metals: Mostly solids at room temperature (except mercury, which is a liquid).
Non-metals: Can be solids, liquids, or gases. Example: oxygen (gas), bromine (liquid), sulphur (solid).
4. Malleability
Metals: Can be hammered into thin sheets (malleable).
Non-metals: Not malleable. They break when hammered (brittle).
5. Ductility
Metals: Can be drawn into wires (ductile).
Non-metals: Not ductile.
6. Conductivity
Metals: Good conductors of heat and electricity.
Non-metals: Poor conductors (except graphite, which is a good conductor).
7. Sonorous Nature
Metals: Produce a ringing sound when struck.
Non-metals: Do not produce sound.
Chemical Properties
1. Reaction with Oxygen
Metals react with oxygen to form metal oxides.
These metal oxides are usually basic.
Non-metals react with oxygen to form non-metallic oxides.
These oxides are usually acidic.
2. Reaction with Water
Metals:
Some react vigorously (e.g., sodium).
Some react slowly (e.g., iron).
Some do not react at all (e.g., gold, silver).
Non-metals: Generally do not react with water.
3. Reaction with Acids
Metals react with acids to produce salt and hydrogen gas.
Non-metals: Do not react with acids.
4. Reaction with Bases
Some non-metals react with bases to form salts, but this is rare.
Metals generally do not react with bases directly (except amphoteric metals like aluminum and zinc).
Displacement Reaction
More reactive metals can displace less reactive metals from their salt solutions.
Uses of Metals
Iron: Making machines, tools, and buildings.
Aluminum: Used in aircraft, utensils.
Copper: Electrical wires.
Gold and Silver: Jewelry.
Zinc: Coating iron to prevent rusting (galvanization).
Uses of Non-Metals
Oxygen: Breathing.
Nitrogen: Fertilizers.
Chlorine: Water purification.
Carbon: Fuel (coal), steel-making (coke).
Iodine: Medicines.
Alloys
An alloy is a mixture of metals or a metal with a non-metal.
Alloys have improved properties like strength, resistance to rusting.
Presentation of the MIPLM subject matter expert Erdem Kaya
Presentation of the MIPLM subject matter expert Erdem KayaMIPLM Presentation of the MIPLM subject matter expert Erdem Kaya
How to Manage Opening & Closing Controls in Odoo 17 POS
How to Manage Opening & Closing Controls in Odoo 17 POSCeline George In Odoo 17 Point of Sale, the opening and closing controls are key for cash management. At the start of a shift, cashiers log in and enter the starting cash amount, marking the beginning of financial tracking. Throughout the shift, every transaction is recorded, creating an audit trail.
Political History of Pala dynasty Pala Rulers NEP.pptx
Political History of Pala dynasty Pala Rulers NEP.pptxArya Mahila P. G. College, Banaras Hindu University, Varanasi, India. The Pala kings were people-protectors. In fact, Gopal was elected to the throne only to end Matsya Nyaya. Bhagalpur Abhiledh states that Dharmapala imposed only fair taxes on the people. Rampala abolished the unjust taxes imposed by Bhima. The Pala rulers were lovers of learning. Vikramshila University was established by Dharmapala. He opened 50 other learning centers. A famous Buddhist scholar named Haribhadra was to be present in his court. Devpala appointed another Buddhist scholar named Veerdeva as the vice president of Nalanda Vihar. Among other scholars of this period, Sandhyakar Nandi, Chakrapani Dutta and Vajradatta are especially famous. Sandhyakar Nandi wrote the famous poem of this period 'Ramcharit'.
Handling Multiple Choice Responses: Fortune Effiong.pptx
Handling Multiple Choice Responses: Fortune Effiong.pptxAuthorAIDNationalRes INTRO TO STATISTICS
INTRO TO SPSS INTERFACE
CLEANING MULTIPLE CHOICE RESPONSE DATA WITH EXCEL
ANALYZING MULTIPLE CHOICE RESPONSE DATA
INTERPRETATION
Q & A SESSION
PRACTICAL HANDS-ON ACTIVITY
How to track Cost and Revenue using Analytic Accounts in odoo Accounting, App...
How to track Cost and Revenue using Analytic Accounts in odoo Accounting, App...Celine George Analytic accounts are used to track and manage financial transactions related to specific projects, departments, or business units. They provide detailed insights into costs and revenues at a granular level, independent of the main accounting system. This helps to better understand profitability, performance, and resource allocation, making it easier to make informed financial decisions and strategic planning.
K12 Tableau Tuesday - Algebra Equity and Access in Atlanta Public Schools
K12 Tableau Tuesday - Algebra Equity and Access in Atlanta Public Schoolsdogden2 Algebra 1 is often described as a “gateway” class, a pivotal moment that can shape the rest of a student’s K–12 education. Early access is key: successfully completing Algebra 1 in middle school allows students to complete advanced math and science coursework in high school, which research shows lead to higher wages and lower rates of unemployment in adulthood.
Learn how The Atlanta Public Schools is using their data to create a more equitable enrollment in middle school Algebra classes.
YSPH VMOC Special Report - Measles Outbreak Southwest US 4-30-2025.pptx
YSPH VMOC Special Report - Measles Outbreak Southwest US 4-30-2025.pptxYale School of Public Health - The Virtual Medical Operations Center (VMOC) A measles outbreak originating in West Texas has been linked to confirmed cases in New Mexico, with additional cases reported in Oklahoma and Kansas. The current case count is 795 from Texas, New Mexico, Oklahoma, and Kansas. 95 individuals have required hospitalization, and 3 deaths, 2 children in Texas and one adult in New Mexico. These fatalities mark the first measles-related deaths in the United States since 2015 and the first pediatric measles death since 2003.
The YSPH Virtual Medical Operations Center Briefs (VMOC) were created as a service-learning project by faculty and graduate students at the Yale School of Public Health in response to the 2010 Haiti Earthquake. Each year, the VMOC Briefs are produced by students enrolled in Environmental Health Science Course 581 - Public Health Emergencies: Disaster Planning and Response. These briefs compile diverse information sources – including status reports, maps, news articles, and web content– into a single, easily digestible document that can be widely shared and used interactively. Key features of this report include:
- Comprehensive Overview: Provides situation updates, maps, relevant news, and web resources.
- Accessibility: Designed for easy reading, wide distribution, and interactive use.
- Collaboration: The “unlocked" format enables other responders to share, copy, and adapt seamlessly. The students learn by doing, quickly discovering how and where to find critical information and presenting it in an easily understood manner.
Introduction to Vibe Coding and Vibe Engineering
Introduction to Vibe Coding and Vibe EngineeringDamian T. Gordon Introduction to Vibe Coding and Vibe Engineering
UNIT 3 NATIONAL HEALTH PROGRAMMEE. SOCIAL AND PREVENTIVE PHARMACY
UNIT 3 NATIONAL HEALTH PROGRAMMEE. SOCIAL AND PREVENTIVE PHARMACYDR.PRISCILLA MARY J NATIONAL HEALTH PROGRAMMEE
Odoo Inventory Rules and Routes v17 - Odoo Slides
Odoo Inventory Rules and Routes v17 - Odoo SlidesCeline George Odoo's inventory management system is highly flexible and powerful, allowing businesses to efficiently manage their stock operations through the use of Rules and Routes.
Marie Boran Special Collections Librarian Hardiman Library, University of Gal...
Marie Boran Special Collections Librarian Hardiman Library, University of Gal...Library Association of Ireland Phoenix – A Collaborative Renewal of Children’s and Young People’s Services Clare Doyle - Cork City Libraries
Metamorphosis: Life's Transformative Journey
Metamorphosis: Life's Transformative JourneyArshad Shaikh *Metamorphosis* is a biological process where an animal undergoes a dramatic transformation from a juvenile or larval stage to a adult stage, often involving significant changes in form and structure. This process is commonly seen in insects, amphibians, and some other animals.
World war-1(Causes & impacts at a glance) PPT by Simanchala Sarab(BABed,sem-4...
World war-1(Causes & impacts at a glance) PPT by Simanchala Sarab(BABed,sem-4...larencebapu132 This is short and accurate description of World war-1 (1914-18)
It can give you the perfect factual conceptual clarity on the great war
Regards Simanchala Sarab
Student of BABed(ITEP, Secondary stage)in History at Guru Nanak Dev University Amritsar Punjab 🙏🙏
To study the nervous system of insect.pptx
To study the nervous system of insect.pptxArshad Shaikh The *nervous system of insects* is a complex network of nerve cells (neurons) and supporting cells that process and transmit information. Here's an overview:
Structure
1. *Brain*: The insect brain is a complex structure that processes sensory information, controls behavior, and integrates information.
2. *Ventral nerve cord*: A chain of ganglia (nerve clusters) that runs along the insect's body, controlling movement and sensory processing.
3. *Peripheral nervous system*: Nerves that connect the central nervous system to sensory organs and muscles.
Functions
1. *Sensory processing*: Insects can detect and respond to various stimuli, such as light, sound, touch, taste, and smell.
2. *Motor control*: The nervous system controls movement, including walking, flying, and feeding.
3. *Behavioral responThe *nervous system of insects* is a complex network of nerve cells (neurons) and supporting cells that process and transmit information. Here's an overview:
Structure
1. *Brain*: The insect brain is a complex structure that processes sensory information, controls behavior, and integrates information.
2. *Ventral nerve cord*: A chain of ganglia (nerve clusters) that runs along the insect's body, controlling movement and sensory processing.
3. *Peripheral nervous system*: Nerves that connect the central nervous system to sensory organs and muscles.
Functions
1. *Sensory processing*: Insects can detect and respond to various stimuli, such as light, sound, touch, taste, and smell.
2. *Motor control*: The nervous system controls movement, including walking, flying, and feeding.
3. *Behavioral responses*: Insects can exhibit complex behaviors, such as mating, foraging, and social interactions.
Characteristics
1. *Decentralized*: Insect nervous systems have some autonomy in different body parts.
2. *Specialized*: Different parts of the nervous system are specialized for specific functions.
3. *Efficient*: Insect nervous systems are highly efficient, allowing for rapid processing and response to stimuli.
The insect nervous system is a remarkable example of evolutionary adaptation, enabling insects to thrive in diverse environments.
The insect nervous system is a remarkable example of evolutionary adaptation, enabling insects to thrive
Political History of Pala dynasty Pala Rulers NEP.pptx
Political History of Pala dynasty Pala Rulers NEP.pptxArya Mahila P. G. College, Banaras Hindu University, Varanasi, India.
YSPH VMOC Special Report - Measles Outbreak Southwest US 4-30-2025.pptx
YSPH VMOC Special Report - Measles Outbreak Southwest US 4-30-2025.pptxYale School of Public Health - The Virtual Medical Operations Center (VMOC)
Marie Boran Special Collections Librarian Hardiman Library, University of Gal...
Marie Boran Special Collections Librarian Hardiman Library, University of Gal...Library Association of Ireland
Cross Site Scripting (XSS)
- 2. You Should Already Know • HTML. • JavaScript. • PHP, ASP… etc.
- 3. Cross Site Scripting (XSS) • One of the most common application-layer web attacks. • Operates on the client-side (in the user‟s web browser). • 13% of total hacking technics (in 2011). • Neglected by the developers. WHY ?!. • Executed every time the page is loaded. • JavaScript, VBScript, ActiveX, HTML, or Flash.
- 4. Cross Site Scripting (XSS) • XSS can cause a variety of problems for the end user (annoyance “alerts” ~ complete account compromise “session hijacking”). • Installation of Trojan horse programs. • Page modification and redirection.
- 5. XSS types • Stored XSS Attacks. • Reflected XSS Attacks. • DOM Based XSS.
- 8. How it works <form method=“get” action=“index.php”> <input name=“hack_me” /> <input type=“submit” value=“Submit” /> </form>
- 9. How it works <?php $txt=$_GET[„hack_me‟]; echo $txt; // echo “<script>alert("Hacked");</script>” ?>
- 10. Alternate XSS Syntax • Using Script in Attributes • <body onload=alert(Hacked ')> • <img src="http://url.to.file.which/not.exist" onerror=alert(document.cookie);> • XSS using Script Via Encoded URI Schemes • <img src=jAvascript:alert(„Hacked')>
- 11. Commonly used to achieve the following malicious results: • Identity theft. • Accessing sensitive or restricted information. • Gaining free access to otherwise paid for content. • Spying on user‟s web browsing habits. • Altering browser functionality. • Web application defacement. • Denial of Service attacks.
- 12. XSS Countermeasures • There are a huge number of XSS attack vectors, following a few simple rules can completely defend against this serious attack. • The simplest form of XSS protection is to pass all external data through a filter (in server-side). • It is recommended to use libraries that has been tried and tested by the community. • XSS techniques keep changing (your filters will need to be updated periodically). • ESAPI (OWASP), AntiXSS (Microsoft).
- 13. XSS Countermeasures • HTML Escape Before Inserting Untrusted Data into HTML Element Content: • ESAPI Encoder Example: String safe = ESAPI.encoder().encodeForHTML( request.getParameter( "input" ) ); • AntiXSS Equivalent: string safe = Microsoft.Security.Application.AntiXss.HtmlEncode( Request.QueryString[ "input" ] );
- 14. XSS Countermeasures • Also untrusted Data into: • HTML Common Attributes. • JavaScript Data Values. • HTML Style Property Values. • HTML URL Parameter Values. • Also use HTTPOnly cookie flag.
- 15. More? • http://ha.ckers.org/xss.html • https://www.owasp.org/index.php/XSS_(Cross_Site _Scripting)_Prevention_Cheat_Sheet
- 16. The End.