VU21997 - Expose Website Security Vulnerabilities - Class 5 XSS
Security Vulnerabilities
XSS
Warm up
So what’s news?
Anyone listening to interesting podcasts?
Who heard about Oracle’s severity 10 flaw and emergency fix?
http://www.zdnet.com/article/oracle-pushes-out-emergency-fix-for-remote-system-hijack-vulnerability/
Who found the most severe vulnerability from previous homework?
In security, people assume you’ve heard about anything in the news
The SANS “StormCast” podcasts are daily 5-10 min updates about threats
https://isc.sans.edu/podcast.html
Cross Site Scripting (XSS)
Hi all!
Thank you for your help.
<script>steal_your_banking_cookies()</script>
A week later, your bank calls and asks if you’ve made purchases in Zimbabwe recently.
What happened?
Cross Site Scripting
Do the quiz
Try XSS exercises
Revise previous exercises (SQLi, IDOR, Nikto, NMap)
Review and begin Assessment Task 2
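The forum post from the Cross Site Scripting scenario above, rendered by a page that trusts user text and by one that encodes it. This is an added example, not part of the original slides; the function names, the `session` cookie name and the header values are assumptions chosen for illustration, and the post is constructed sample input.

```javascript
// Constructed sample input: the forum post shown on the slide.
const post = [
  "Hi all!",
  "Thank you for your help.",
  "<script>steal_your_banking_cookies()</script>",
].join("\n");

// Vulnerable: user text is concatenated straight into the page, so the
// browser parses the <script> element in every reader's session.
function renderUnsafe(text) {
  return `<div class="post">${text.replace(/\n/g, "<br>")}</div>`;
}

// HTML-encode the characters that can change the parsing context.
const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Hardened: encode the user text first, then add only the markup the
// application itself owns (the <br> line breaks).
function renderSafe(text) {
  return `<div class="post">${escapeHtml(text).replace(/\n/g, "<br>")}</div>`;
}

// Defence in depth (hypothetical helper): HttpOnly keeps page scripts from
// reading the session cookie, and the CSP refuses inline scripts.
function sessionHeaders(sessionId) {
  return {
    "Set-Cookie": `session=${sessionId}; HttpOnly; Secure; SameSite=Strict; Path=/`,
    "Content-Security-Policy": "default-src 'self'; script-src 'self'",
  };
}

// Review check: does the rendered HTML still contain a live script element?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log("unsafe:", renderUnsafe(post));
console.log("safe:  ", renderSafe(post));
console.log("script tag survives unsafe render:", containsScriptTag(renderUnsafe(post)));
console.log("script tag survives safe render:  ", containsScriptTag(renderSafe(post)));
```

In the safe render the post shows up as visible text (`&lt;script&gt;...`) and is never executed by the browser.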