Security+ QOTD: Don’t eat stale cookies…

Security+ Question of the day: What are we seeing in the code shown in the figure? (see answer below and video response.)

xss




Answer

We are seeing cross-site scripting (XSS) code – specifically, stored XSS implemented by way of a Javascript. This can be prevented by secure code review and a web application firewall (WAF) as well as (for the individual) blocking Javascript within the browser.

Video answer:


Comments are closed.

                      
About Dave Testimonials FAQ Site Map Contact
Copyright © David L. Prowse – Official Website - All Rights Reserved