Web 4: XSS, CSP

XSS (Cross-Site Scripting) is a classic web exploit in which attackers inject malicious code into a website. The attacker sends the victim a link to the webpage containing the malicious code. Once the victim visits the link, the attacker's code is executed in the victim's browser. XSS is a serious attack, as it can result in the theft of the victim's sensitive data, such as cookies.

CSP (Content Security Policy) is a security measure that helps prevent attacks like XSS. It does this by restricting which sources scripts, styles, images, etc. may be loaded from.
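The two paragraphs above, as an added example that is not taken from the slides or the challenges: a page that reflects a request parameter, first unescaped and then with output encoding plus a CSP header, and a small helper showing which source list governs each resource type. All function and constant names are hypothetical, and the sample input is constructed.

```javascript
// Added example; function and constant names are hypothetical.
// Escape the characters that let text break out of an HTML text or attribute context.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Policy restricting where each resource type may be loaded from.
const CSP = [
  "default-src 'self'", // fallback for images, styles, fonts, ...
  "script-src 'self'",  // no inline scripts, no third-party script hosts
  "object-src 'none'",
  "base-uri 'none'",
].join('; ');

// Vulnerable: the request parameter is concatenated into the markup unchanged.
function renderVulnerable(name) {
  return { headers: { 'Content-Type': 'text/html; charset=utf-8' },
           body: `<h1>Hello, ${name}!</h1>` };
}

// Hardened: output encoding is the fix; the CSP header is a second layer behind it.
function renderHardened(name) {
  return { headers: { 'Content-Type': 'text/html; charset=utf-8',
                      'Content-Security-Policy': CSP },
           body: `<h1>Hello, ${escapeHtml(name)}!</h1>` };
}

// Directives that do not fall back to default-src when absent.
const NO_FALLBACK = new Set(['base-uri', 'form-action', 'frame-ancestors', 'sandbox']);

// Source list that governs a directive: its own entry, else default-src (fetch directives).
function effectiveSources(policy, directive) {
  const parsed = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !parsed.has(key)) parsed.set(key, sources); // first occurrence wins
  }
  if (parsed.has(directive)) return parsed.get(directive);
  return NO_FALLBACK.has(directive) ? null : parsed.get('default-src') ?? null;
}

// Constructed sample: the value of a ?name= parameter taken from a crafted link.
const sample = '<script>alert(document.domain)</script>';
console.log(renderVulnerable(sample).body);  // script element reaches the page intact
console.log(renderHardened(sample).body);    // rendered as inert text
console.log(effectiveSources(CSP, 'img-src'), effectiveSources(CSP, 'script-src'));
```

Because `script-src 'self'` carries no `'unsafe-inline'`, a browser enforcing this policy would refuse to run the inline script even if the escaping were missed.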

by Savannah Alanis

Slides

Challenges

The following challenges, in increasing order of difficulty, are deployed to platform.lac.ctf for practicing the concepts covered in the slides.

  • Challenge 1 - web/mavs-fan
  • Challenge 2 - web/purell
  • Challenge 3 - web/california-state-police (LACTF 2023)

Resources

The following resources are great tools for SQL challenges: