From the course: ISACA Certified Information Systems Auditor (CISA) Cert Prep

Cross-site attacks

- [Kelly] Let's look at one of the more common attacks towards websites, and that is cross-site scripting. And we also have cross-site request forgery that we're going to talk about in this category too, and they have some similarities and then a very essential sort of difference as far as how the exploits happen. But let's start off with cross-site scripting. Now, with cross-site scripting, the idea is we're going to exploit a vulnerable website. That's traditionally how cross-site scripting attacks have happened. So just like we talked about a few minutes ago, one of the easiest ways to prevent your site being maliciously commandeered for a cross-site scripting attack is to have good input validation. So again, like everything, these attacks that we talk about, we can defend against them, but we have to be security minded in order to do so, okay? So the way these cross-site scripting attacks happen is through input code injection. Alright? So couple of different types. There are…
