Clarifying Hacking with XSS

This post first appeared on April 17, 2022 and is republished with permission from the author.

Disclaimer: The ideas below are my own and may not reflect those of OffSec.

The purpose of this post is to help cybersecurity professionals explain ‘hacking’ to laypeople. This might be useful when communicating with individuals totally outside of the infosec space, or with businessy folk inside the space who want a more intuitive understanding of what attackers can really do and how they can be so dangerous.

…Cross-Site Scripting

Cross-Site Scripting is an excellent vulnerability to showcase the reach and power of attacks for at least three reasons:

1) The client is the victim and the explainee is the client

Since XSS targets a visiting client’s browser, the attack can be made much more personally relevant than something like SQL Injection or Directory Traversal. Most people don’t have experience with managing databases or organizing web directory structures, but they do have a lot of experience operating a browser. Since the browser is itself the target, we can skip

