Cross Site Scripting (XSS) Explained with JavaScript

Cross-site scripting is a major security concern on the web. This video talks about how to spot it and prevent against it. Have more thoughts? Leave a comment or @-me on https://twitter.com/tejaskumar_ Don't forget to like and subscribe with notifications for future videos! In this video, we'll be talking about JavaScript Cross-Site Scripting (XSS). XSS is a vulnerability in web applications that allows an attacker to inject malicious code into a web page, resulting in the execution of the code in the context of the user who is viewing the page. So what is cross site scripting? Cross site scripting is a method of injection that uses the same input as the user, making the user execute the code in their browser. In this video, we'll be discussing how to detect and prevent XSS attacks in your web applications. More resources: - A serializer/sanitizer you can use in your projects: https://www.npmjs.com/package/xss - OWASP Definitions: https://owasp.org/www-community/attacks/xss/ - XSS Cheat Sheet 2021 Edition: https://portswigger.net/web-security/cross-site-scripting/cheat-sheet - Conent Security Policy Documentation: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP Chapters: 00:00 Intro 00:08 What is Cross-Site Scripting? 00:51 1. Reflected XSS 02:19 2. Persistent XSS 03:42 3. DOM-based XSS 05:00 Mitigation Steps 05:15 1. Don't Trust Anything 05:44 2. Content Security Policy 06:30 Conclusion