XSS

by Sepp Fischl, on 23 June 2013

Transcript of XSS

Cross Site Scripting
XSS
Hacking
3 types
Consequences
Defacements
Developers
Users
NoScript
Websites
Code
Trusted environment
Missing countermeasures
JavaScript
HTML
reflected
persistent
DOM-based
Java
Flash
XSS
Unknown
DoS
SQL-Injection
Phishing
Session-Hijacking
Browser-Hijacking
Malware Installation
OWASP XSS Prevention Cheat Sheet
RULE #0 - Never Insert Untrusted Data Except in Allowed Locations
RULE #1 - HTML Escape Before Inserting Untrusted Data into HTML Element Content
RULE #2 - Attribute Escape Before Inserting Untrusted Data into HTML Common Attributes
RULE #3 - JavaScript Escape Before Inserting Untrusted Data into JavaScript Data Values
RULE #4 - CSS Escape And Strictly Validate Before Inserting Untrusted Data into HTML Style Property Values
RULE #5 - URL Escape Before Inserting Untrusted Data into HTML URL Parameter Values
RULE #6 - Sanitize HTML Markup with a Library Designed for the Job
RULE #7 - Prevent DOM-based XSS
Content Security Policy
Links
E-Mails
Link shortener
Java
Flash