HTML Injection and Cross-Site Security (XSS and CSRF) Demonstration

This project demonstrates how to conduct and prevent XSS attacks

Install

git clone <...>
cd demo_xss
bundle install

Execute

ruby app.rb

Now view at the site at http://localhost:4567 or whichever port it is on.

Play

Look at the running site and open the 'hacking instructions' link to see what kind of text input you could enter to conduct a script injection attack.

Search within the code of this project (*.rb and views/*.slim) for 'XSS' -- you should find comments on how make modifications to prevent XSS attacks.

Readings on XSS

Overview of XSS Concepts
- How to Prevent XSS
- An Overview of HTTP Security Headers
XSS Security
- Content Security Policy (CSP)
  - An Introduction to Content Security Policy
  - Content Security Policy 1.0
- Subresource Integrity and CORS
  - Subresource Integrity: Securing CDN loaded assets
Cookie Security
- Protecting Your Cookies: HttpOnly
- Preventing CSRF with the *same-site• cookie attribute

Name		Name	Last commit message	Last commit date
Latest commit History 16 Commits
views		views
.ruby-version		.ruby-version
Gemfile		Gemfile
Gemfile.lock		Gemfile.lock
README.md		README.md
app.rb		app.rb

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

HTML Injection and Cross-Site Security (XSS and CSRF) Demonstration

Install

Execute

Play

Readings on XSS

About

Releases

Packages

Contributors 2

Languages

ISS-Security/demo-xss

Folders and files

Latest commit

History

Repository files navigation

HTML Injection and Cross-Site Security (XSS and CSRF) Demonstration

Install

Execute

Play

Readings on XSS

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Contributors 2

Languages

Packages