Week 14 - Code injection and XSS

Created Monday 23 November 2020

As we have learned

..it's generally frightfully easy to have people running code where it shouldn't.

Why this is hard (impossible?)

A lot of these vectors are simply "approved" vectors..
i.e. channels that you simply can't control, even though they are official.

Nevertheless, we fight on..

There are also malicious actors:

Harmful or Deceptive code

Bad actors take advantage of flaws in programs,e.g.
"Buffer Overflow" attacks

Another avenue, is carelessness or ignorance:

E.g. USB's on the ground

Yet another vector of attack

is the web.
This is especially difficult, because hyperlinks are designed to be clickable,
so they show up in other places, e.g. email.
(e.g. Phishing)

Also, Javascript

Rush to market =
Language that even its creator says isn't great =
Easy to hack

---

Backlinks: FSU Courses:LIS4774:RawSlides

• About The Site
• Bookmarks
• FSU Courses
  • LIS3353
  • LIS4022
  • LIS4708
  • LIS4774
    • Calendar
    • COMPLETE VM SecNet Instructions
    • First Day Secnet Lab
    • Lab Exercise 1
    • Password Exercise
    • Port Scanning Assignment
    • Project Ideas and Resources
    • RawSlides
    • Second Day Notes
    • Syllabus
    • Term Project Rubric
    • Week 7 Exercise
    • Week 12 -Advanced Thread Modelling and Malicious Software
    • Week 13 - Cybersecurity Policy
    • Week 14 - Code injection and XSS
  • LIS4910
  • LIS5362
  • LIS5364
  • LIS5367
  • LIS5411
  • LIS5417
  • That Time I Turned a Routine Traffic Ticket into the Constitutional Trial of the Century
• Home
• Journal
• Misc
• My Media
• Networking
• On Discord
• On My Online Quizzes
• Project Code Sources
• Self-Hosted Ideas and Resources
• Tech Guides
• Videos
• Web Design