What is XSS (Cross-Site Scripting)?

An attack that injects malicious scripts into web pages viewed by other users, potentially stealing data or session tokens.

XSS attacks inject JavaScript into web applications. Stored XSS persists in the database (e.g., in comments) and is served to every user who loads the page. Reflected XSS is carried in the request, typically a URL parameter, and echoed back in the response. DOM-based XSS manipulates the client-side document directly, without the payload ever passing through the server.

Prevention includes output encoding (HTML entities), Content Security Policy (CSP) headers, input validation, and using frameworks that auto-escape output. XSS can steal cookies, redirect users, or deface pages.
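The following is an added example, not code from the original glossary entry, showing the first prevention listed above (HTML-entity output encoding) applied to a stored-XSS scenario: the same comment template rendered unsafely and safely, plus a CSP header as a second layer. Function names, the sample comment and the check helper are constructed for this illustration.

```javascript
// Added example (not from the original page): HTML-entity output encoding
// applied to a stored-XSS scenario. All names and sample data are constructed.

// Encode the five characters that can change HTML structure or break out of
// an attribute value. Encoding happens at output time, so the database keeps
// the user's original text. This encoder is for HTML body and attribute
// contexts only; JavaScript or URL contexts need their own encoders.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable rendering: the stored comment is concatenated into the page as-is.
function renderCommentUnsafe(comment) {
  return `<li class="comment">${comment}</li>`;
}

// Hardened rendering: the same template, with the untrusted value encoded.
function renderCommentSafe(comment) {
  return `<li class="comment">${escapeHtml(comment)}</li>`;
}

// A simple check usable in a unit test or a review pipeline: does the rendered
// fragment still contain a raw script/img tag or an inline event handler?
function containsActiveMarkup(html) {
  return /<\s*script|<\s*img|\bon\w+\s*=/i.test(html);
}

// Constructed sample: a comment carrying a script element, as a stored-XSS
// payload would. It is stored verbatim and only encoded when rendered.
const SAMPLE_COMMENT = 'Nice post <script>alert(1)</script>';

// CSP header (a constructed example) that refuses inline script execution, so
// a missed encoding somewhere else in the app does not immediately run code.
const CSP_HEADER = "Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'";

// Demonstration when run directly.
console.log('unsafe :', renderCommentUnsafe(SAMPLE_COMMENT));
console.log('safe   :', renderCommentSafe(SAMPLE_COMMENT));
console.log('header :', CSP_HEADER);
```

Auto-escaping template engines do the `escapeHtml` step for you; the risk returns whenever code opts out of it (raw/unsafe output helpers) or writes to `innerHTML` directly.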

Related Terms

DAST (Dynamic Application Security Testing)
Testing a running application from the outside by sending malicious requests to discover security vulnerabilities.
Session Hijacking
An attack where an adversary takes over a legitimate user session by stealing or predicting the session identifier.
Firewall Rules
Configuration entries that define which network traffic is allowed or blocked based on source, destination, port, and protocol.
Security Audit
A systematic examination of an information system to assess compliance with security policies, identify vulnerabilities, and verify controls.
PKI (Public Key Infrastructure)
A framework of policies, hardware, and software for creating, managing, distributing, and revoking digital certificates.
CSRF (Cross-Site Request Forgery)
An attack that tricks authenticated users into submitting unwanted requests to a web application they are logged into.