Recall & Review
beginner
What is Cross-site scripting (XSS)?
Cross-site scripting (XSS) is a security vulnerability where attackers inject malicious scripts into trusted websites. These scripts run in users' browsers, potentially stealing data or performing harmful actions.
intermediate
Name the three main types of XSS attacks.
The three main types of XSS are:
1. Stored XSS: Malicious code is saved on the website's server.
2. Reflected XSS: Malicious code is reflected off a web server, like in a URL.
3. DOM-based XSS: The attack happens in the browser by manipulating the page's Document Object Model.
beginner
Why is XSS dangerous for users?
XSS is dangerous because it can steal sensitive information like cookies, session tokens, or personal data. It can also trick users into actions like clicking fake links or submitting forms without their knowledge.
intermediate
How can developers prevent XSS attacks?
Developers can prevent XSS by:
1. Validating and sanitizing user input.
2. Encoding output to safely display data.
3. Using security headers like Content Security Policy (CSP).
4. Avoiding unsafe JavaScript functions that insert HTML directly.
intermediate
What role does Content Security Policy (CSP) play in XSS protection?
Content Security Policy (CSP) is a security feature that restricts which scripts can run on a webpage. It helps block malicious scripts injected by attackers, reducing the risk of XSS attacks.
Which type of XSS stores malicious code on the website's server?
Stored XSS saves the malicious script on the server, so it runs whenever a user accesses the infected page.
What is a common goal of an XSS attack?
Attackers often use XSS to steal cookies, which can give them access to user accounts.
Which method helps prevent XSS by restricting allowed scripts on a webpage?
CSP controls which scripts can run, blocking unauthorized or malicious scripts.
Reflected XSS attacks usually happen through:
Reflected XSS occurs when malicious input is immediately reflected back in a webpage, often via URLs or form inputs.
Which practice is NOT effective against XSS?
Strong passwords protect accounts but do not prevent XSS attacks directly.
Explain what Cross-site scripting (XSS) is and why it is a security risk.
Think about how attackers use websites to run harmful code in your browser.
Describe three main types of XSS attacks and how they differ.
Consider where the bad script is saved or how it reaches the user.