slides/nyphp-security/xss.xml
Cross-Site Scripting
6/15
Detect Data Tampering with Hashes
Defeating XSS
  • • Interactive features of your site are used as unwitting carriers of client-side attacks
  • • Anywhere you display external input:
  • • User profile
  • • Forums
  • • Error pages (the URL is external input)