Web Security Basics: Cross-Site Scripting
Learn how to secure your application against cross-site scripting (XSS) attacks
Web application security can be a difficult topic. With the constant threat from attackers all over the world and so many different methods of attack learning them all can seem impossible. If you take them one chunk at a time, though, it's much easier. This course aims to teach you about one of those "chunks" - Cross-Site Scripting.
Cross-site scripting is an attack that is very wide spread and has lead to the compromise of many companies on the web, both major and minor. Join me as I walk you through the attack, how it can be used to exploit a site and how to prevent it. We'll discuss:
- What cross-site scripting (XSS) is and some of the history behind it
- Common uses for this kind of exploit (including examples)
- How to prevent it in your application, complete with PHP-based examples
- Additional resources where you can learn more about the attack type
- Tools you can integrate into your application to prevent it in the future
So join me and learn about this common web application security issue and how you can protect you and your application from its effects!
For the last 12+ years, Chris has been involved in the PHP community in one way or another. These days he's the Senior Editor of PHPDeveloper.org, lead author for Websec.io, a site dedicated to teaching developers about security, and the Securing PHP project. He's also written for several PHP publications and has spoken at conferences in both the U.S. and Europe on security-related topics. He's also an organizer of the Dallas PHP User Group and the Lone Star PHP Conference and works as an Application Security Engineer for Duo Security.