XSS Security Threats and Impact

Questions and Answers

PDF Questions PDF Answers

What is the result of an attacker executing malicious scripts in the victim's browser?

Defacing web sites

User sessions hijack and defacing web sites

Redirecting the user to malicious sites

All of the above (correct)

What is the primary condition that leads to Cross-Site Scripting (XSS)?

Escaping special characters in the DOM

Validating user input data

Storing user input data on the target server

Sending untrusted data to the client without validation (correct)

What type of XSS occurs when user input is stored on the target server?

Reflected XSS

Persistent XSS

Stored XSS (correct)

DOM Based XSS

What is the sink in DOM Based XSS?

The DOM

What should be done to prevent XSS attacks?

Validating user input data and escaping special characters

What happens in Reflected XSS?

User input is immediately returned by a web application

What is the type of attack being executed in the scenario described?

Cross-site Scripting (XSS) attack

What is the username and password used to login in the scenario?

username: Tom, password: tom

What is the purpose of robust validation mechanisms in preventing XSS attacks?

To sanitize user input

What should developers ensure when accepting user input?

That the input is validated against a whitelist

What is the impact of a successful XSS attack?

Much more than just displaying a message box can be performed

What should be escaped based on the HTML context?

All untrusted data