Cross-site scripting (XSS) is a type of security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. It's like letting a random stranger scribble whatever JavaScript they want on your website - what could possibly go wrong?
I was trying to impress the new DevOps engineer, but then she pointed out the cross-site scripting (XSS) vulnerability in my code. Guess I'll be spending the weekend refactoring instead of binge-watching Stranger Things.
The pen tester found a cross-site scripting (XSS) flaw in our login form, and now management is freaking out about compliance. I told them we should have just used a static HTML page with a "Coming Soon" message.
A Guide to Threat Modelling for Developers - This article provides straightforward steps for incorporating threat modeling into your development process to identify and mitigate security risks like XSS.
One Line of Code that Compromises Your Server - Learn how a single line of code with a weak session secret can lead to your server being pwned. Spoiler alert: XSS is one way attackers can exploit this.
The Basics of Web Application Security - If you're tired of getting schooled by the security team, this article covers essential security practices every developer should know, including defending against XSS attacks.