What IS Cross Site Scripting? Also know as ‘XSS’, cross site scripting is a web application vulnerability that allows an attacker to inject their own script into your application, manipulating your application into trusting it, as if their script was part of the application. The attack is then executed against users of your application in the browser. XSS is common, dangerous, and easy to find with automated tools, which is why it is #A6 on the OWASP Top Ten. This Application Security Lesson will teach you what XSS, how to differentiate the 3 types of XSS, explain how to find it, but most importantly, how to prevent it. This talk also includes a live demonstration of the vulnerability, with audience participation.