Recall & Review
beginner
What does XSS stand for in web security?
XSS stands for Cross-Site Scripting. It is a security vulnerability where attackers inject malicious scripts into trusted websites.
Click to reveal answer
beginner
Why is XSS testing important?
XSS testing helps find security holes where attackers can run harmful scripts on users' browsers, protecting users and data.
Click to reveal answer
intermediate
Name two common types of XSS attacks.
The two common types are Stored XSS (where malicious code is saved on the server) and Reflected XSS (where malicious code is reflected off a web server).
Click to reveal answer
beginner
What is a simple test input to check for XSS vulnerability?
A simple test input is: . If this runs as a popup, the site is vulnerable.
Click to reveal answer
intermediate
How can developers prevent XSS attacks?
Developers can prevent XSS by validating and encoding user inputs, using security headers, and applying Content Security Policy (CSP).
Click to reveal answer
What does XSS testing primarily check for?
✗ Incorrect
XSS testing checks if malicious scripts can be injected and run on web pages.
Which of these is a common sign of an XSS vulnerability?
✗ Incorrect
Displaying user input without filtering can allow malicious scripts to run, causing XSS.
Stored XSS differs from Reflected XSS because Stored XSS:
✗ Incorrect
Stored XSS saves the malicious script on the server, affecting multiple users.
Which method helps prevent XSS attacks?
✗ Incorrect
Encoding user inputs stops malicious scripts from running by treating them as text.
A simple test script to check for XSS is:
✗ Incorrect
This script triggers an alert if XSS is possible.
Explain what XSS testing is and why it matters for website security.
Think about how attackers use scripts and what harm they cause.
You got /3 concepts.
Describe two types of XSS attacks and how you might test for them.
Consider where the malicious code is stored or reflected.
You got /3 concepts.