blog.json
{
"1": {
"title": "Types of XSS",
"content": "Types of XSS attacks\r\nWe already talked a little bit about the different types of XSS, but I think it helps if we go over them fully to explain the differences to you and to show you what kind of testing is expected of you as an ethical hacker, because we will also be discussing the small differences in test objectives between the types of XSS. \r\n\r\nStored (Persistent) XSS\r\nStored XSS takes a bit more knowledge of the program to execute successfully, since you will have to test every single input field that you see. This is a GIANT task and it seems impossible, but it's needed for sure. In bug bounties there will be no low-hanging fruit. That will all have been picked clean by pentesters already. Our amazing co-workers already did part of the work, and now it's up to the bounty hunters to find that one field that everyone overlooked in their security measures. \r\n\r\nI use the same attack vector as always and I just start. I put on some music, I register, and every single input field that I see gets an attack vector thrown at it. Make sure you test everything. Look at every link on every page and actually look for hidden links as well. You can often find those in JS files, because developers will put calls they are testing in the JS file and simply not call them from the production application, but they are still available. This is usually a dream, as we can test for things like XSS on pages that other hunters haven't even seen yet.",
"cover_url": "https:\/\/assets.website-files.com\/5ff66329429d880392f6cba2\/613afbb3f677add6ebeb2123_Cross-Site%20Scripting%20(XSS)%20example.png"
},
"2": {
"title": "Reflected XSS",
"content": "Reflected XSS\r\nThis is by far the most popular type of XSS out there, and a lot of hunters and pentesters will focus on this as it's the easiest to test for. You don't need to know the application; all you have to do is look for reflected values, which makes this vulnerability type a little bit less useful to me. I would like to get to know my application and find all the input fields that store data in the database (which would be stored XSS), but I can certainly understand the appeal here. \r\n\r\nFor reflected XSS we are going to test every single parameter by entering a random value into that parameter and seeing if it's reflected anywhere in the response. This can be the JS, the HTML, the DOM,... ",
"cover_url": "https:\/\/assets.website-files.com\/5ff66329429d880392f6cba2\/613afbf22ae9a2e291c42ce6_Reflected%20XSS.png"
},
"4": {
"title": "XSS Attack Data Sources",
"content": "XSS Attack Data Sources\r\nIn order to find real-world attack data, we analyzed a variety of resources:\r\n\r\nWebserver\/proxy logs\r\nWeb application firewall logs\r\nURL shortening services\r\nSpam e-mails\r\nChatrooms, IRC traffic\r\nComments on pages\r\nURL reputation services\r\n\r\nAll of this data together yielded approximately:\r\n\r\n100s TB of raw data\r\n10s TB of URLs",
"cover_url": "data:image\/png;base64,[inline base64 PNG omitted: the embedded image data was truncated in extraction]"
},
"5": {
"title": "The Web IS Vulnerable: XSS on the Battlefront",
"content": "Cross-site scripting issues remain a big problem of the web: using a combination of big data mining and relatively simple detection methods, we have identified attackers successfully exploiting XSS flaws on over 1,000 vulnerable pages on hundreds of websites, spanning multiple countries, types of organizations, all major TLDs, and well-known international companies. We also found numerous malicious attacks of different severity leveraging existing XSS vulnerabilities.\r\n\r\nIn this talk we first summarize our findings, presenting both unusual cases and various statistics, and then we follow up by presenting state-of-the-art methods of protection from probing for XSS vulnerabilities and XSS attacks, showing that they are capable of intercepting over 95% of the real-world malicious samples. We will also introduce a new research tool called detectXSSlib, which is a lightweight module for the nginx server dedicated to real-time detection of XSS attacks.",
"cover_url": "https:\/\/www.trustwave.com\/images\/slblog-03-02-2018-10-57-10\/spiderlabs\/7e1187b7-8595-468e-9c2d-45ce257e3800.png?v=0.0.1"
},
"6": {
"title": "HackerOne's 2018 report About Cross Site Scripting",
"content": "HackerOne's 2018 report says that Cross-Site Scripting (XSS) continues to be the most common vulnerability across all industries that run a bug bounty program, apart from healthcare and technology. In the meantime, the non-profit Open Bug Bounty project has helped fix over 125,000 XSS flaws on various websites across the world. Google, for example, continues paying up to $7,500 for an XSS flaw that permits taking over a user account.\r\n\r\nWant to have an in-depth understanding of all modern aspects of\r\nCross-Site Scripting (XSS) Security Vulnerability Practical Overview?\r\nRead this article carefully and bookmark it to come back to later; we regularly update this page.\r\n\r\nAccording to Veracode\u2019s latest State of Software Security report, 28% of all applications have a SQL injection flaw when the application security company first scans them, and as many as 40% of applications have an XSS flaw.\r\n\r\nIn 2014, a security researcher discovered and revealed vulnerabilities in the auction website eBay.com. Exploiting flaws in the website's code, attackers would be able to redirect users to fake login pages, stealing their authentication credentials. The flaw in question is known as XSS \u2013 Cross-Site Scripting [CWE-79] \u2013 a security flaw which allows unauthorised scripts to be inserted into web applications. These vulnerabilities were supposedly patched, but in 2017 new reports surfaced of similar attacks. Despite eBay's efforts, XSS vulnerabilities are a persistent problem, for them and for many other sites and web apps. OWASP cites XSS as the second most prevalent security risk, putting it at #7 in the top 10 ranking of application security threats.",
"cover_url": "https:\/\/assets.website-files.com\/5ff66329429d880392f6cba2\/613afb64ef1be3c2d175949b_Cross-Site%20Scripting%20(XSS)%20attack%20Preview-p-800.png"
},
"7": {
"title": "The scope for Cross-Site Scripting",
"content": "The potential for damage stemming from XSS vulnerabilities has been known for more than a decade. As early as 2005, the Myspace social networking site was subject to the infamous XSS-based Samy worm. While relatively harmless and non-malicious, the worm exploited an XSS vulnerability to execute scripts in other users' browsers, including self-replication. The worm spread to over one million users within hours, before Myspace took the website down to combat it.\r\n\r\nDespite such early warnings of the dangers of XSS, the problem remains common. In 2017, Google researcher Tavis Ormandy discovered a DOM XSS vulnerability in a Chrome extension that was automatically installed during an Adobe security update. The extension had something like 30 million installs, but contained an XSS vulnerability that allowed privileged JavaScript execution. Ormandy described it as having \u2018critical severity\u2019.\r\n\r\nHigh-Tech Bridge CEO Ilia Kolochenko comments on the seeming intractability of XSS vulnerabilities over the years: \u201cThis can probably be explained by high customisation of web applications. Almost every start-up creates its website and web-based applications from scratch or uses some customization. At the same time, they try to save money and consequently hire inexperienced developers. A toxic cocktail of new code and unaware or careless developers unavoidably leads to numerous vulnerabilities. In larger companies, problems are similar \u2013 because of tough competition they have to innovate and release new products and applications very frequently. At the end of the day, they simply have no time or budget for security.\u201d",
"cover_url": "https:\/\/www.immuniweb.com\/images\/blog\/owasp7-cross-site-scripting-xss.jpg"
},
"8": {
"title": "Example Xss",
"content": "xss example postxss example postxss example postxss example postxss example postxss example postxss example postxss example postxss example postxss example postxss example postxss example postxss example postxss example postxss example postxss example postxss example postxss example postxss example postxss example postxss example postxss example postxss example postxss example postxss example postxss example postxss example postxss example postxss example postxss example postxss example postxss example post",
"cover_url": "https:\/\/www.vaadata.com\/blog\/wp-content\/uploads\/2022\/09\/Reflected-XSS-attack-1024x535.jpg"
}
}