Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
The Ultimate Kali Linux Book

You're reading from   The Ultimate Kali Linux Book Perform advanced penetration testing using Nmap, Metasploit, Aircrack-ng, and Empire

Arrow left icon
Product type Paperback
Published in Feb 2022
Publisher Packt
ISBN-13 9781801818933
Length 742 pages
Edition 2nd Edition
Arrow right icon
Author (1):
Arrow left icon
Glen D. Singh Glen D. Singh
Author Profile Icon Glen D. Singh
Glen D. Singh
Arrow right icon
View More author details
Toc

Table of Contents (23) Chapters Close

Preface 1. Section 1: Getting Started with Penetration Testing FREE CHAPTER
2. Chapter 1: Introduction to Ethical Hacking 3. Chapter 2: Building a Penetration Testing Lab 4. Chapter 3: Setting Up for Advanced Hacking Techniques 5. Section 2: Reconnaissance and Network Penetration Testing
6. Chapter 4: Reconnaissance and Footprinting 7. Chapter 5: Exploring Active Information Gathering 8. Chapter 6: Performing Vulnerability Assessments 9. Chapter 7: Understanding Network Penetration Testing 10. Chapter 8: Performing Network Penetration Testing 11. Section 3: Red Teaming Techniques
12. Chapter 9: Advanced Network Penetration Testing — Post Exploitation 13. Chapter 10: Working with Active Directory Attacks 14. Chapter 11: Advanced Active Directory Attacks 15. Chapter 12: Delving into Command and Control Tactics 16. Chapter 13: Advanced Wireless Penetration Testing 17. Section 4: Social Engineering and Web Application Attacks
18. Chapter 14: Performing Client-Side Attacks – Social Engineering 19. Chapter 15: Understanding Website Application Security 20. Chapter 16: Advanced Website Penetration Testing 21. Chapter 17: Best Practices for the Real World 22. Other Books You May Enjoy

Understanding cross-site scripting

Cross-site scripting (XSS) is a type of injection-based attack that allows a threat actor to inject client-side scripts into a vulnerable web application. When anyone visits the web page containing the XSS code, the web page is downloaded to the client's web browser and executes with the malicious scripts in the background. XSS attacks are carried out by exploiting web application security vulnerabilities in a dynamically created web page. Threat actors usually perform XSS attacks on vulnerable applications for various reasons, such as redirecting a user to a malicious URL, data theft, manipulation, displaying hidden IFrames, and showing pop-up windows on a victim's web browser.

As an aspiring ethical hacker and penetration tester, it's important to understand the characteristics of various following types of XSS attacks:

  • Stored XSS
  • Reflected XSS
  • Cross-site request forgery (CSRF)

Stored XSS is persistent on...

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime