XSS

Task 1 - Introduction

Read the introduction, then click the Completed button.

Task 2 - Terminology and Types

Q1. Which XSS vulnerability relies on saving the malicious script?

Answer - Stored XSS


Q2. Which prevalent XSS vulnerability executes within the browser session without being saved?

Answer - Reflected XSS


Q3. What does DOM stand for?

Answer - Document Object Model

Task 3 - Causes and Implications

Q1. Based on the leading causes of XSS vulnerabilities, what operations should be performed on the user input?

Answer - validation and sanitization


Q2. To prevent XSS vulnerabilities, what operations should be performed on the data before it is output to the user?

Answer - encoding

Task 4 - Reflected XSS

The characters we specifically have to encode are:

[image: the room's list of characters that must be encoded]

Q1. Which one of the following characters do you expect to be encoded: '.', ',', ';', '&', or '#'?

Answer - &


Q2. Which one of the following characters do you expect to be encoded: '+', '-', '*', '<', '=', or '^'?

Answer - <


Q3. Which function can we use in JavaScript to replace (unsafe) special characters with HTML entities?

Answer - escapeHtml()


Q4. Which function did we use in PHP to replace HTML special characters?

Answer - htmlspecialchars()
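
Output encoding as this task describes it, shown as an added example that is not part of the original walkthrough: a hand-written escapeHtml() (my own implementation, assumed to do what the room's helper does; browsers provide no built-in function of that name) replaces the characters that carry meaning in an HTML context with entities, so a reflected parameter is rendered as text instead of being parsed as markup. needsHtmlEncoding() is an added helper that answers the "which character gets encoded" questions above.

```javascript
// Added example (not from the room): encode untrusted input for an HTML context.
// These five characters can start a tag, end an attribute value, or begin an
// entity reference, so each is mapped to its HTML entity before output.
const HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#x27;",
};

// Replace every special character with its entity. String() guards against
// non-string values such as numbers or null arriving from a parsed query.
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// True when a single character changes under escapeHtml, i.e. it is one of the
// characters the task expects to be encoded ('&' and '<' are; '.', '#', '+' are not).
function needsHtmlEncoding(ch) {
  return escapeHtml(ch) !== ch;
}

// Simulates the reflected parameter being placed into a page template.
// Encoding happens at the point of output, which is where the task places it.
function renderSearchResult(query) {
  return `<p>You searched for: ${escapeHtml(query)}</p>`;
}

// Constructed sample input: characters from the questions plus an HTML tag.
const sample = "a & b; # <b>bold</b>";
console.log(renderSearchResult(sample));
// -> <p>You searched for: a &amp; b; # &lt;b&gt;bold&lt;/b&gt;</p>
```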

Task 5 - Vulnerable Web Application 1

Q1. What type of vulnerability is it?

Answer - Reflected XSS

Task 1 - Brief

Q1. What does SQL stand for?

Answer - Structured Query Language
