XSS & SQL Injection
Confidential Copyright ©
Cross-Site Scripting (XSS)

Definition: XSS is a vulnerability that allows attackers to inject malicious scripts into web pages viewed by users.

Types:
  • Reflected XSS: Script is reflected off a web server back into the response.
  • Stored XSS: Script is stored on a server and executed when the stored content is accessed.
  • DOM-based XSS: Script is executed as a result of modifying the DOM environment.

How it works: Malicious scripts can steal cookies, hijack sessions, or deface websites.

Prevention:
  • Sanitize and validate input.
  • Encode output.
  • Use security headers like Content Security Policy.
SQL Injection

Definition: SQL Injection is a technique where attackers exploit vulnerabilities in the code to manipulate a database.

Types:
  • Error-based SQLi: Database error messages reveal information to attackers.
  • Union-based SQLi: Uses UNION to combine results from different queries.
  • Blind SQLi: No visible response; relies on observable database behavior.

How it works: Attackers can access, modify, or delete database data.

Prevention:
  • Use prepared statements and parameterized queries.
  • Sanitize inputs.
  • Apply the least privilege principle.
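As an added example (not part of the slides), the "Encode output" mitigation from the XSS slide and the "prepared statements and parameterized queries" mitigation above, each written in Python beside its unsafe counterpart. The in-memory table, the user names and the probe input are constructed for this illustration.

```python
"""Constructed example: output encoding (XSS) and a parameterized query
(SQL injection), each next to the unsafe version it replaces."""
import html
import sqlite3


def render_comment_unsafe(comment: str) -> str:
    # Untrusted text goes into the HTML as-is: any markup in it is parsed
    # by the browser as part of the page.
    return f'<p class="comment">{comment}</p>'


def render_comment(comment: str) -> str:
    # Output encoding: <, >, &, and quotes become entities, so the browser
    # displays the text instead of interpreting it as markup.
    return f'<p class="comment">{html.escape(comment, quote=True)}</p>'


def make_db() -> sqlite3.Connection:
    # Constructed sample data for the query examples below.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def find_user_unsafe(conn: sqlite3.Connection, name: str) -> list:
    # String concatenation: the input becomes part of the SQL statement,
    # so quote characters in it change the query's structure.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def find_user(conn: sqlite3.Connection, name: str) -> list:
    # Parameterized query: the driver binds the value as data; it can never
    # alter the statement, whatever characters it contains.
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


if __name__ == "__main__":
    db = make_db()
    probe = "x' OR 'a'='a"  # constructed input that closes the quoted literal
    print(find_user_unsafe(db, probe))  # every row comes back
    print(find_user(db, probe))         # [] : treated as a literal name
    print(render_comment('<b>hi</b> & "x"'))
```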
Conclusion

XSS and SQL Injection are serious vulnerabilities with significant impacts. Preventive measures include input validation, encoding, and proper use of security practices. Staying informed and proactive is key to web and database security.