
XSS ATTACK & REMEDIES

Presented By: Usashi Maji, Yashaswi Rai

Supervised By: Dr. Partha Sarathi Goswami, Dr. Sudipta Kumar Ghosal
Behala Government Polytechnic
AGENDA
INTRODUCTION
TYPES OF XSS (STORED, REFLECTED, DOM-BASED)
IMPACT OF XSS ATTACKS
REAL-WORLD XSS ATTACKS
TOOL
PREVENTION OF XSS
CONCLUSION
Introduction to Cross Site Scripting (XSS)
Cross Site Scripting (XSS) is a type of security vulnerability that allows an attacker to inject malicious code into a web page viewed by other users. This can result in the theft of sensitive data, such as login credentials or financial information.
Types of XSS
Stored XSS
Reflected XSS
DOM-Based XSS
Stored XSS
Stored XSS attacks involve an attacker injecting malicious code into a web application's database. This code is then displayed to all users who access the affected page, potentially compromising their security.

Reflected XSS
Reflected XSS attacks involve an attacker injecting malicious code into a URL parameter that is then reflected back to the user in the page's response. This type of attack requires the victim to click on a specially crafted link.

DOM-Based XSS
DOM-Based XSS attacks involve an attacker injecting malicious code into the Document Object Model (DOM) of a web page. This type of attack does not require the server to be compromised, making it more difficult to detect and prevent.
Impact of XSS
Session hijacking
Data theft
Website defacement
Malware propagation
Phishing attacks
SEO manipulation
NOW IT'S TIME FOR
REAL-WORLD XSS ATTACK
XSS Payload Selector
This program generates a list of cross-site scripting (XSS) payloads based on the user's input, allowing them to filter out certain strings and keep others. The program then randomly selects a specified number of payloads from the filtered list to display to the user.

Using this program can have several advantages:

i) Saves time: Rather than manually generating XSS payloads, this program automates the process and generates multiple payloads quickly.

ii) Customizable: Users can specify strings to filter out or keep, allowing for customization of the payloads generated.

iii) Increases security: By generating and testing a variety of XSS payloads, users can identify potential vulnerabilities in their applications and take steps to prevent them before an attacker can exploit them.

[Slide chart: bar chart with a 0 to 40 vertical axis and five bars labelled "Element"; the bar values are not recoverable from the extracted text.]

Overall, this program can be a valuable tool for web developers and security professionals looking to test the security of their applications and identify potential XSS vulnerabilities.
Prevention of XSS
Input validation
Output encoding
Content Security Policy (CSP)
Secure coding practices
Use frameworks with built-in protection
HTTP-only cookies
Regular security testing
Security awareness and training
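The "Output encoding" and "Content Security Policy (CSP)" items above, shown as working code. This is an added example and not part of the slides or of the payload selector program they describe; it assumes a hypothetical search page that echoes the user's query into an HTML attribute and into the page body.

```javascript
// Added example (not from the slides). Assumed scenario: a search page
// reflects the query parameter into an attribute value and into body text.

// Encode the five characters that change meaning in HTML text and
// double-quoted attribute contexts. Applied at output time, not input time,
// so the stored data stays intact and every render is protected.
function escapeHtml(input) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return String(input).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable form: the query is concatenated straight into the markup,
// which is exactly the reflected XSS pattern described on the slides.
function renderUnsafe(query) {
  return `<input name="q" value="${query}"><p>Results for ${query}</p>`;
}

// Hardened form: the untrusted value is encoded before it lands in either context.
function renderSafe(query) {
  const q = escapeHtml(query);
  return `<input name="q" value="${q}"><p>Results for ${q}</p>`;
}

// A restrictive Content-Security-Policy header value: scripts may only come
// from the site's own origin or carry the per-response nonce, so an injected
// inline <script> is blocked by the browser even if encoding is missed somewhere.
function cspHeader(nonce) {
  return [
    "default-src 'self'",
    `script-src 'self' 'nonce-${nonce}'`,
    "object-src 'none'",
    "base-uri 'none'",
  ].join("; ");
}

// Check used by the test below: does the rendered HTML contain a real
// (unencoded) opening tag of the given name?
function containsRawTag(html, tagName) {
  return new RegExp(`<${tagName}\\b`, "i").test(html);
}

// Constructed probe string that closes the attribute and opens a script tag.
const probe = '"><script>alert(1)</script>';
console.log("unsafe has raw <script>:", containsRawTag(renderUnsafe(probe), "script"));
console.log("safe has raw <script>:  ", containsRawTag(renderSafe(probe), "script"));
```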
CONCLUSION
Cross Site Scripting (XSS) is a pervasive and dangerous security
vulnerability that affects millions of web applications worldwide. By
understanding the different types of XSS attacks and
implementing effective security measures, developers and
organizations can protect themselves and their users from the
devastating consequences of these attacks.
It is essential for businesses and individuals to take XSS attacks
seriously and prioritize cybersecurity in order to stay safe in an
increasingly digital world.
THANK YOU