XSS vulnerability allows a hacker to inject malicious JavaScript into a legitimate website, resulting in information disclosure and other security threats. In this activity, you will identify the vulnerabilities of web browsers and web applications that allow XSS attack.
Explain how cross-site scriipting can be used to steal someone’s cookies. Include a short discussion about the JavaScript function.
Explain how stolen cookies can be used to cause session hijacking – begin by defining session hijacking.
Explain how phishing enables XSS.
Explain how browsers have evolved to reduce the risks of XSS attacks.
Explain how securely provisioned web servers protect against XSS attacks.