SlideShare a Scribd company logo
1
2
3
4
5
6
7
- XSS (Cross Site Scripting) Prevention Cheat Sheet
- OWASP Top 10 for JavaScript – A2: Cross Site Scripting – XSS
8
9
10
11
12
13
14
15
16
17
18
Evil site
Click
me!
Vulnerable site
Delete
something!
20
21
Attacker
Target
22
23
http://www.thoughtcrime.org/software/sslstrip/
24
www.onlinebank.com (unprotected)
Redirect: https://www.onlinebank.com (unprotected)
https://www.onlinebank.com (protected)
Online bank
25
www.onlinebank.com (unprotected)
Response (unprotected)
https://www.onlinebank.com (protected)
Online bankAttacker
Response (protected)
http://www.onlinebank.com (unprotected) https://www.onlinebank.com (protected)
Response (protected)
Response (unprotected)
26
27
28
29
30
31
32
33
34
35
36
37
38

More Related Content

Viewers also liked

HABILIDADES DE COMUNICACION EN LA EMPRESA.
HABILIDADES DE COMUNICACION EN LA EMPRESA. HABILIDADES DE COMUNICACION EN LA EMPRESA.
HABILIDADES DE COMUNICACION EN LA EMPRESA.
Carolina Ruiz Amo
 
HTTP Strict Transport Security (HSTS), English version
HTTP Strict Transport Security (HSTS), English versionHTTP Strict Transport Security (HSTS), English version
HTTP Strict Transport Security (HSTS), English version
Michal Špaček
 
AI = SE , giip system manage automation with A.I
AI = SE , giip system manage automation with A.IAI = SE , giip system manage automation with A.I
AI = SE , giip system manage automation with A.I
Lowy Shin
 
Facebook Anonymous Publisher
Facebook Anonymous PublisherFacebook Anonymous Publisher
Facebook Anonymous Publisher
Chang Yu-Sheng
 
10a daniel felipe peña creación de un videojuego
10a daniel felipe peña creación de un videojuego10a daniel felipe peña creación de un videojuego
10a daniel felipe peña creación de un videojuego
Nicole2411
 
Securing your web application through HTTP headers
Securing your web application through HTTP headersSecuring your web application through HTTP headers
Securing your web application through HTTP headers
Andre N. Klingsheim
 
HTTP Security Headers Every Java Developer Must Know
HTTP Security Headers Every Java Developer Must KnowHTTP Security Headers Every Java Developer Must Know
HTTP Security Headers Every Java Developer Must Know
Ayoma Wijethunga
 
WhiteHat Security Presentation
WhiteHat Security PresentationWhiteHat Security Presentation
WhiteHat Security Presentation
markgmeyer
 
List of useful security related http headers
List of useful security related http headersList of useful security related http headers
List of useful security related http headers
한익 주
 
Plantas electricas fallas en los transformadores
Plantas electricas fallas en los transformadoresPlantas electricas fallas en los transformadores
Plantas electricas fallas en los transformadores
norenelson
 
Analysis of HTTP Security Headers in Turkey
Analysis of HTTP Security Headers in TurkeyAnalysis of HTTP Security Headers in Turkey
Analysis of HTTP Security Headers in Turkey
Dr. Emin İslam Tatlı
 
Persamaan Kuadrat
Persamaan KuadratPersamaan Kuadrat
Persamaan Kuadrat
Dinar Nirmalasari
 
How to secure your web applications with NGINX
How to secure your web applications with NGINXHow to secure your web applications with NGINX
How to secure your web applications with NGINX
Wallarm
 
Clase 2 para continuar
Clase 2 para continuarClase 2 para continuar
Clase 2 para continuar
Maribel Gaviria Castiblanco
 
El folklor boliviano
El folklor bolivianoEl folklor boliviano
El folklor boliviano
Julio De La Cruz
 
Tarea seminario 2, búsqueda en pubmed
Tarea seminario 2, búsqueda en pubmedTarea seminario 2, búsqueda en pubmed
Tarea seminario 2, búsqueda en pubmed
andresespinosalopez
 
Security HTTP Headers
Security HTTP HeadersSecurity HTTP Headers
Security HTTP Headers
Chang Yu-Sheng
 
Material didactico estudio_grupo -3
Material didactico estudio_grupo -3Material didactico estudio_grupo -3
Material didactico estudio_grupo -3
Marvin Aguilar
 
Presentación maltrato infantil
Presentación maltrato infantilPresentación maltrato infantil
Presentación maltrato infantil
Jesús Ángel Ruiz Moreno
 
Lectura ironman 1
Lectura ironman 1Lectura ironman 1
Lectura ironman 1
Ester Jiménez Tomás
 

Viewers also liked (20)

HABILIDADES DE COMUNICACION EN LA EMPRESA.
HABILIDADES DE COMUNICACION EN LA EMPRESA. HABILIDADES DE COMUNICACION EN LA EMPRESA.
HABILIDADES DE COMUNICACION EN LA EMPRESA.
 
HTTP Strict Transport Security (HSTS), English version
HTTP Strict Transport Security (HSTS), English versionHTTP Strict Transport Security (HSTS), English version
HTTP Strict Transport Security (HSTS), English version
 
AI = SE , giip system manage automation with A.I
AI = SE , giip system manage automation with A.IAI = SE , giip system manage automation with A.I
AI = SE , giip system manage automation with A.I
 
Facebook Anonymous Publisher
Facebook Anonymous PublisherFacebook Anonymous Publisher
Facebook Anonymous Publisher
 
10a daniel felipe peña creación de un videojuego
10a daniel felipe peña creación de un videojuego10a daniel felipe peña creación de un videojuego
10a daniel felipe peña creación de un videojuego
 
Securing your web application through HTTP headers
Securing your web application through HTTP headersSecuring your web application through HTTP headers
Securing your web application through HTTP headers
 
HTTP Security Headers Every Java Developer Must Know
HTTP Security Headers Every Java Developer Must KnowHTTP Security Headers Every Java Developer Must Know
HTTP Security Headers Every Java Developer Must Know
 
WhiteHat Security Presentation
WhiteHat Security PresentationWhiteHat Security Presentation
WhiteHat Security Presentation
 
List of useful security related http headers
List of useful security related http headersList of useful security related http headers
List of useful security related http headers
 
Plantas electricas fallas en los transformadores
Plantas electricas fallas en los transformadoresPlantas electricas fallas en los transformadores
Plantas electricas fallas en los transformadores
 
Analysis of HTTP Security Headers in Turkey
Analysis of HTTP Security Headers in TurkeyAnalysis of HTTP Security Headers in Turkey
Analysis of HTTP Security Headers in Turkey
 
Persamaan Kuadrat
Persamaan KuadratPersamaan Kuadrat
Persamaan Kuadrat
 
How to secure your web applications with NGINX
How to secure your web applications with NGINXHow to secure your web applications with NGINX
How to secure your web applications with NGINX
 
Clase 2 para continuar
Clase 2 para continuarClase 2 para continuar
Clase 2 para continuar
 
El folklor boliviano
El folklor bolivianoEl folklor boliviano
El folklor boliviano
 
Tarea seminario 2, búsqueda en pubmed
Tarea seminario 2, búsqueda en pubmedTarea seminario 2, búsqueda en pubmed
Tarea seminario 2, búsqueda en pubmed
 
Security HTTP Headers
Security HTTP HeadersSecurity HTTP Headers
Security HTTP Headers
 
Material didactico estudio_grupo -3
Material didactico estudio_grupo -3Material didactico estudio_grupo -3
Material didactico estudio_grupo -3
 
Presentación maltrato infantil
Presentación maltrato infantilPresentación maltrato infantil
Presentación maltrato infantil
 
Lectura ironman 1
Lectura ironman 1Lectura ironman 1
Lectura ironman 1
 

Security "for free" through HTTP headers