Key Concepts

Review core concepts you need to learn to master this subject

Cross-Site Scripting (XSS)

Preventing Cross-Site Scripting

Cross-Site Request Forgery (CSRF)

Cross-Site Scripting (XSS)

<script>alert(1);</script>

<img src="X" onerror=alert(1);>

<b onmouseover=alert(1)>click me!</b>

<body onload=alert('test1')>

Cross-Site Scripting (XSS) is a vulnerability that occurs when a web application returns unsanitized input to the front end of an application.

Three types of XSS attacks are:

  • Stored XSS: when a server saves an attacker’s input into its datastores.
  • Reflected XSS: when a user’s input is immediately returned back to the user.
  • DOM-Based XSS: when user input is interpreted by the DOM, an attacker could inject arbitrary code.

The code shows examples of HTML tags that help attackers inject dangerous input.

Malware
Lesson 1 of 1
  1. 1
    Introduction to Malware
    It’s your first day on the job at Cybercademy — a new cybersecurity organization that helps companies improve their security practices. ### Your Task Identify various types of malware on an …
    Start
  2. 2
    Adware
    First, you open the web browser. The first page it opens to is a strange page about a computer cleaner that’s “guaranteed to make your computer run 10X faster!!”. What an odd choice for a homepage….
    Start
  3. 3
    Virus
    You navigate to your client’s email. Immediately, you see that your client opened some emails sent from an odd email address. You open the emails and see that the client clicked on links and likely…
    Start
  4. 4
    Worms
    What type of virus is this? You check your client’s “Sent Emails” folder and notice your client recently sent the same email to everyone on their contacts list. The emails have the same subject lin…
    Start
  5. 5
    Spyware
    Wow, what a disaster computer. Hm, when you type, there seems to be a slight delay before some of the characters show up. What’s going on? Oh no! It looks like your client may be in deeper trouble…
    Start
  6. 6
    Trojan Horses
    While the presence of spyware makes it obvious something nefarious was installed on the computer, was anything else installed? Ugh, of course. After more digging, you find a Trojan Horse. Wow, is …
    Start
  7. 7
    Rootkits
    What exactly is the Trojan Horse up to? What was it trying to do? You have to find the answer. Scanning the device, you find that this horrible device just keeps getting worse; the Trojan horse wa…
    Start
  8. 8
    Ransomware
    The rootkit allowed someone access to this computer. What did they do with that access? You realize that the rootkit was used to deny the user access to files on their system that contain lots of i…
    Start
  9. 9
    Fileless Malware
    It seems like nothing else could go wrong with this computer. If this was a game of malware bingo, you would be one step away from winning the jackpot. For fun, you investigate some command-line pr…
    Start
  10. 10
    Review
    What a day! On that horrible machine, you discovered: * Malware: Malicious code inserted into a system to cause damage or gain unauthorized access to a network * Adware: Unwanted software des…
    Start

How you'll master it

Stress-test your knowledge with quizzes that help commit syntax to memory

Pro Logo