Recognize Different Types of XSS
I said earlier that an XSS attack happens when someone executes his or her own scripts on your page in the context of your web application. Those scripts are running within your website’s security space, and the application thinks the site is intentionally running the scripts. How you defend against XSS depends on the type of attack you’re facing.
First up is reflected XSS, which is a form of XSS where the injected script is reflected off the web server; see the following illustration. This means the script, or reference to the script, is not stored on the server but reflected from somewhere else. This can be either through a form post or a URL parameter.
This typically happens because the website’s HTML ...
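The reflection through a URL parameter described above, shown as an added example that is not code from the book: a Node.js page builder that echoes the parameter unencoded, next to the same builder with HTML encoding. The `/search` route, the `q` parameter, and every function name are assumptions made for illustration, and the sample request is constructed.

```javascript
// Added example: reflected XSS through a URL parameter, and the encoded fix.
// The /search route, the "q" parameter and all function names are hypothetical.

// Encode the five characters that let text break out of HTML element
// content or a quoted attribute value.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Pull the user-controlled value out of the request URL.
function queryParam(reqUrl, name) {
  return new URL(reqUrl, 'http://localhost').searchParams.get(name) || '';
}

// Vulnerable: the parameter is concatenated into the page as-is, so any
// markup in it is reflected back and parsed by the browser as part of the site.
function renderUnsafe(reqUrl) {
  return '<p>Results for: ' + queryParam(reqUrl, 'q') + '</p>';
}

// Hardened: the same page, with the value encoded for the HTML context.
function renderSafe(reqUrl) {
  return '<p>Results for: ' + escapeHtml(queryParam(reqUrl, 'q')) + '</p>';
}

// Handler with the (req, res) shape that http.createServer expects.
function handler(req, res) {
  res.writeHead(200, {
    'Content-Type': 'text/html; charset=utf-8',
    // Defense in depth: inline scripts are refused even if encoding is missed.
    'Content-Security-Policy': "default-src 'self'",
  });
  res.end(renderSafe(req.url));
}

// Constructed sample request URL carrying markup in the parameter.
const sampleUrl = '/search?q=' + encodeURIComponent('<script>alert(1)</script>');
console.log(renderUnsafe(sampleUrl)); // markup comes back intact
console.log(renderSafe(sampleUrl));   // markup comes back as inert text
```

Nothing is stored on the server in either version; the only difference is whether the value is encoded for the HTML context before it is written into the response.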