Cross-Site Scripting
Explore the concept of Cross-Site Scripting (XSS) attacks in Node.js applications, including non-persistent and persistent types. Learn to identify common entry points for XSS exploits and implement protection by escaping user input and output, ensuring safer web interactions.
Cross-Site Scripting (XSS) is the process of injecting malicious code into the target website. This can be done in several ways, but the end result is the same: the user's browser runs unauthorized code under that user's identity, within their current session.
Non-persistent XSS
This is the traditional type of XSS exploit. It involves injecting data into a page through a request, then guiding users to the URL that triggers the malicious content.
Say a page on your site takes ?page_num=2&per_page=50 as query string parameters. If you do not escape these parameters before rendering them, an attacker can replace their values with malicious code. This code could take the user to a delete page, run ...
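The following is an added example, not code from the course: it renders the page_num and per_page parameters described above, first by interpolating them straight into the markup and then through an HTML-escaping helper. The function names, the escapeHtml helper and the sample query strings are constructed for this demonstration.

```javascript
// Escape the five characters that matter in an HTML text or attribute context.
// Constructed helper for this example; production code would typically use a
// templating engine that escapes by default.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ({
    '&': '&amp;',
    '<': '&lt;',
    '>': '&gt;',
    '"': '&quot;',
    "'": '&#39;',
  })[ch]);
}

// Vulnerable: query values are interpolated directly into the response body,
// so whatever the URL carries is reflected back to the browser as markup.
function renderPaginationUnsafe(queryString) {
  const params = new URLSearchParams(queryString);
  const pageNum = params.get('page_num') ?? '1';
  const perPage = params.get('per_page') ?? '25';
  return `<p>Page ${pageNum}, showing ${perPage} items</p>`;
}

// Hardened: every untrusted value is escaped at the point of output, so the
// same input is rendered as inert text rather than parsed as HTML.
function renderPaginationSafe(queryString) {
  const params = new URLSearchParams(queryString);
  const pageNum = escapeHtml(params.get('page_num') ?? '1');
  const perPage = escapeHtml(params.get('per_page') ?? '25');
  return `<p>Page ${pageNum}, showing ${perPage} items</p>`;
}

// Simple check used to compare the two renderers: does a raw <script> tag
// survive into the output?
function containsRawScript(html) {
  return /<script\b/i.test(html);
}

// Constructed sample inputs: the benign request from the text and a tampered
// copy in which per_page carries a script tag instead of a number.
const benignQuery = 'page_num=2&per_page=50';
const tamperedQuery =
  'page_num=2&per_page=' + encodeURIComponent('<script>alert(1)</script>');

console.log(renderPaginationUnsafe(tamperedQuery)); // raw <script> tag survives
console.log(renderPaginationSafe(tamperedQuery));   // rendered as &lt;script&gt;... text
```

Escaping at output time is what makes the second renderer safe; validating that page_num and per_page are integers before use is a worthwhile additional check, but is not a substitute for escaping.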