1
00:00:00,160 --> 00:00:07,050
XSS derives from the possibility of injecting malicious data in the form of JavaScript code

2
00:00:07,560 --> 00:00:17,340
using an input channel such as query string parameters sent via the GET HTTP method or fields of a data

3
00:00:17,340 --> 00:00:19,920
entry form sent via POST.

4
00:00:20,730 --> 00:00:27,660
The malicious JavaScript code, not validated and therefore not blocked on the server side, is

5
00:00:27,660 --> 00:00:32,180
executed in the response on the user's client.

6
00:00:33,060 --> 00:00:41,940
So XSS is a type of attack that does no harm directly to the server, but to the user.

7
00:00:42,690 --> 00:00:51,090
XSS can be used by malicious attackers, for example, to steal session cookies from legitimate users

8
00:00:51,240 --> 00:01:00,060
and send the corresponding session ID to an attacker, or to redirect users of a site to login pages of

9
00:01:00,060 --> 00:01:05,610
a fake clone site in order to steal authentication credentials.

10
00:01:07,280 --> 00:01:16,700
The DOM-based type of XSS can occur when JavaScript code in a page does not suitably validate data

11
00:01:17,090 --> 00:01:19,610
that it can take as input.

12
00:01:21,170 --> 00:01:29,330
Here is an example of JavaScript code in a Web page that is vulnerable to DOM-based XSS.

13
00:01:30,020 --> 00:01:39,110
The problem stems from the fact that the document.write function does not validate its argument before

14
00:01:39,110 --> 00:01:43,880
using it, allowing the injection of malicious JavaScript.

15
00:01:45,770 --> 00:01:53,660
The non-persistent type of XSS is typical of applications in which an input to the application

16
00:01:53,660 --> 00:02:03,830
sent via a request is returned in a response by reloading the same page with a postback or on a different

17
00:02:03,830 --> 00:02:04,480
page.

18
00:02:07,190 --> 00:02:16,310
In the persistent typology, the non-validated malicious JavaScript is even saved in a database and

19
00:02:16,310 --> 00:02:20,450
then retrieved through queries and sent to clients.

20
00:02:23,210 --> 00:02:33,050
For the remedy to XSS, it is important to normalize or canonicalize the data before validation.

21
00:02:35,270 --> 00:02:43,760
The table shows the various possibilities of character transcoding that a malicious attacker could exploit

22
00:02:44,060 --> 00:02:48,830
to bypass the validation without canonicalization of the data.

23
00:02:51,100 --> 00:02:59,230
Among the possible remedies for XSS is the use of regular expressions to search for the malicious

24
00:02:59,230 --> 00:03:09,220
pattern consisting of the tags <script> </script> used to enclose the malicious JavaScript code that

25
00:03:09,220 --> 00:03:11,230
an attacker could inject.

26
00:03:13,660 --> 00:03:21,940
Here is an example of C# code that implements a remedy for XSS.

27
00:03:24,180 --> 00:03:31,140
And here is an example of Java code that implements a remedy for XSS with regular expressions.

28
00:03:34,530 --> 00:03:39,690
Some links for further information on the topic of cross-site scripting.

29
00:03:42,070 --> 00:03:44,770
Thank you very much for your kind attention.