Cross Site Scripting
| Language : | English | Quality : | High | Has Audio : | true | Source : | Other | Media : | QuickTime |
| Another common security issue is cross site scripting. In this episode you will see why it is so important to escape any HTML a user may submit. |
Tags: Ruby On Rails, Ruby, Web Development, Security, Screencast, Cross Site Scripting
Resources referenced in this screencast
|
Articles Related to this Topic |
|
Protecting against Cross Site Scripting (CSS/XSS): Many web applications use session cookies to track the requests of a user. The cookie is used to identify the request and connect it to the session data (@session in Rails). Usually the session contains a reference to the user that is currently logged in, e.g. the id of a User object |
|
Demonstrating the Consequences of Cross Site Scripting (XSS) Vulnerabilities: High risk vulnerabilities such as SQL Injection can be easily demonstrated by security analysts to developers or business executives. For example, an xp_cmdshell request injected into an application vulnerable to SQL Injection can be used to demonstrate how an attacker can abuse SQL injection to obtain a command prompt from the host running the (Microsoft) SQL server. Such demonstrations have major visual impact and the consequences of the vulnerabilities are clear |
