In this chapter, we discussed the XSS flaw in detail. We began by looking at the origin of the vulnerability and how it evolved over the years. You then learned about the different forms of XSS and their attack potential. We also analyzed how an attacker can make use of different JavaScript capabilities to perform a variety of actions in the victim's browser, such as stealing session cookies, logging key presses, defacing websites, and remotely controlling a web browser. Kali Linux has several tools to test and exploit the XSS flaw; we used XSSer and XSS-Sniper to detect vulnerabilities in a web application. In the last section, we reviewed the general measures that should be taken in order to prevent or fix an XSS vulnerability in a web application.
In the next chapter, we describe Cross-Site Request Forgery and show how it can be exploited to trick an authenticated user into performing undesired actions. Recommendations on how to prevent such flaws are also given.