Description: WEBSITE: http://betterphp.co.uk/
In this video I explain what an XSS attack is and tell you one way to prevent them causing problems for your site.
Tags: php, xss, attack, security
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.
Nice video. However, at the end you state that you'd just blindly send something you pull out of the database to the client. This introduces a gap because there's an assumption that all data in the db was submitted through expected channels. If data is imported from some other system through something like an ETL process, you could still have an XSS issue.
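
The point raised in the comment above, shown as an added example that is not part of the original page or the video: encoding at output time protects the page whatever route the data took into the database. The sample rows, the `h()` helper and the two render functions are constructed for illustration.

```php
<?php
// Added example. All names and sample rows are constructed for illustration.

// Rows as they might come back from a SELECT. The etl_import rows stand for
// data loaded by a bulk import that never passed through the site's form
// handling, so no input-side filter ever saw them.
$rows = [
    ['source' => 'web_form',   'comment' => 'Nice video, thanks!'],
    ['source' => 'etl_import', 'comment' => '<script>alert("xss")</script>'],
    ['source' => 'etl_import', 'comment' => '" onmouseover="alert(1)'],
];

// Hypothetical helper: encode a value for HTML text or a quoted attribute.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of returning an empty string.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Trusts whatever is stored: markup in the row becomes markup in the page.
function render_unsafe(array $row): string
{
    return '<p title="' . $row['comment'] . '">' . $row['comment'] . "</p>\n";
}

// Encodes at the point of output, regardless of where the row came from.
function render_safe(array $row): string
{
    return '<p title="' . h($row['comment']) . '">' . h($row['comment']) . "</p>\n";
}

// Print both renderings as plain text so the difference can be compared.
foreach ($rows as $row) {
    echo "-- source: {$row['source']}\n";
    echo 'unsafe: ' . render_unsafe($row);
    echo 'safe:   ' . render_safe($row);
}
```

Run it from the command line with `php` to compare the two renderings as text; `htmlspecialchars()` fits HTML text and quoted attribute values, while values placed inside JavaScript or URLs need encoding for those contexts.
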
I knew about XSS before this, cleared a few things up and very helpful to beginners.
Thanks.