CompTIA Security+ Exam Notes

Saturday, April 22, 2023

XSS (Cross-Site Scripting) Attack

  • Client-side attack
  • JavaScript
  • HTML iFrame
  • URL ends in .js
  • Percent encoding %3C (<) & %3E (>)

HSTS (HTTP Strict Transport Security)

  • Configured on the server
  • Only allows the session to be HTTPS
  • Mitigates SSL stripping, downgrade attacks
  • Also called HTTP security header