๐ŸŽ New User? Get 20% off your first purchase with code NEWUSER20 ยท โšก Instant download ยท ๐Ÿ”’ Secure checkout Register Now โ†’
Menu

Categories

Security Intermediate

What is XSS (Cross-Site Scripting)?

An attack that injects malicious scripts into web pages viewed by other users, potentially stealing data or session tokens.

XSS attacks inject attacker-controlled JavaScript into a web application's pages. Stored XSS persists on the server (e.g., in a saved comment) and is delivered to every user who views the page. Reflected XSS is carried in the request, typically in a URL, and echoed straight back in the response. DOM-based XSS never needs the server to echo anything: client-side script writes untrusted data into the document directly.

Prevention includes context-aware output encoding (HTML entities), Content Security Policy (CSP) headers, input validation, and frameworks that auto-escape output by default. A successful XSS can steal cookies or session tokens, redirect users, or deface pages.
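The output-encoding defence described above, as an added example that is not part of this glossary entry: a comment-rendering path written once with raw string concatenation and once with HTML entity encoding, plus a small check that a test suite can use to catch injected tags. Function names, the sample comment and the author value are constructed for illustration.

```javascript
// Added example (not from the glossary page): HTML-context output encoding
// for a comment-rendering path, with the unsafe concatenation shown beside
// the encoded version. Runs under Node without a browser DOM.

// The five characters that can break out of HTML text or a quoted attribute.
const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };

// Single-pass replacement so an already-encoded "&amp;" is not double-encoded
// by a later step (there is no later step).
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Vulnerable render: user-controlled text is concatenated straight into markup,
// so a stored comment containing markup becomes part of the page (stored XSS).
function renderCommentUnsafe(author, body) {
  return `<div class="comment" data-author="${author}">${body}</div>`;
}

// Hardened render: every untrusted value is encoded for the context it lands in.
// Both slots here are HTML text / quoted-attribute context, where entity
// encoding suffices; URL, JavaScript and CSS contexts each need their own encoder.
function renderCommentSafe(author, body) {
  return `<div class="comment" data-author="${escapeHtml(author)}">${escapeHtml(body)}</div>`;
}

// Detection helper for tests or review: does the rendered markup contain any
// tag other than the ones the template itself emits?
function containsInjectedTag(html, allowedTags = ["div"]) {
  const tags = [...html.matchAll(/<\/?([a-zA-Z][\w-]*)/g)].map((m) => m[1].toLowerCase());
  return tags.some((t) => !allowedTags.includes(t));
}

// Constructed sample input: a comment body carrying a script tag, and an author
// value that tries to close the attribute and add an event handler.
const SAMPLE_BODY = "Nice post <script>alert(1)</script>";
const SAMPLE_AUTHOR = 'mallory" onmouseover="alert(1)';

const unsafe = renderCommentUnsafe(SAMPLE_AUTHOR, SAMPLE_BODY);
const safe = renderCommentSafe(SAMPLE_AUTHOR, SAMPLE_BODY);
console.log("unsafe render contains an injected tag:", containsInjectedTag(unsafe)); // true
console.log("encoded render contains an injected tag:", containsInjectedTag(safe)); // false
console.log(safe);
```

The encoded output keeps the attacker's text visible as literal characters (`&lt;script&gt;`, `&quot;`) while the browser never parses it as markup; CSP is the second layer for the cases encoding misses.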

Related Terms

PKI (Public Key Infrastructure)
A framework of policies, hardware, and software for creating, managing, distributing, and revoking digital certificates.
JWT (JSON Web Token)
A compact, self-contained token format used for securely transmitting information between parties as a JSON object.
DAST (Dynamic Application Security Testing)
Testing a running application from the outside by sending malicious requests to discover security vulnerabilities.
Phishing
A social engineering attack that uses fraudulent communications to trick people into revealing sensitive information or installing malware.
Cryptographic Key Management
The practices and procedures for generating, storing, distributing, rotating, and revoking encryption keys securely.
CORS (Cross-Origin Resource Sharing)
A browser security mechanism that controls which web domains can access resources from another domain via HTTP requests.