Cross-site scripting (XSS)
- The webpage is loaded, and the malicious code copies the user’s cookies.
- The system sends an HTTP request to an attacker’s web server with the stolen cookies in the body of the request.
- The attacker can then use cookies to access sensitive data.
and sanitize input data. Employ cookie security, such as timeouts, encoding the client IP address, and so on.
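An added example (not from the original page) of the cookie security measures named above: a session cookie whose value carries an expiry time and is bound to the client IP address under an HMAC, so a cookie copied by injected script is rejected when replayed from another address or after the timeout. The function names, the key, the 15-minute timeout and the sample addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Assumption: constructed demo key; a real service loads this from a secret store.
SECRET_KEY = b"constructed-demo-key"
SESSION_TIMEOUT = 15 * 60  # seconds (assumed value)


def _mac(session_id: str, expiry: int, client_ip: str) -> bytes:
    # The MAC covers the client IP, so the IP is "encoded" into the cookie
    # without being readable or editable by the client.
    msg = f"{session_id}|{expiry}|{client_ip}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest().encode()


def issue_cookie(session_id: str, client_ip: str, now: Optional[float] = None) -> str:
    """Return 'session_id|expiry|mac'. session_id must not contain '|'."""
    issued = time.time() if now is None else now
    expiry = int(issued + SESSION_TIMEOUT)
    return f"{session_id}|{expiry}|{_mac(session_id, expiry, client_ip).decode()}"


def verify_cookie(cookie: str, client_ip: str, now: Optional[float] = None) -> Optional[str]:
    """Return the session id only if the cookie is intact, unexpired and from the same IP."""
    try:
        session_id, expiry_s, mac = cookie.split("|")
        expiry = int(expiry_s)
    except ValueError:
        return None  # malformed value
    if not hmac.compare_digest(mac.encode(), _mac(session_id, expiry, client_ip)):
        return None  # tampered, or replayed from a different client IP
    if (time.time() if now is None else now) >= expiry:
        return None  # timed out
    return session_id


def set_cookie_header(value: str) -> str:
    # HttpOnly keeps page script from reading the cookie in the first place.
    return f"Set-Cookie: session={value}; Max-Age={SESSION_TIMEOUT}; HttpOnly; Secure; SameSite=Strict"


if __name__ == "__main__":
    cookie = issue_cookie(secrets.token_hex(16), "203.0.113.10")  # constructed IPs
    print(set_cookie_header(cookie))
    print("same client:", verify_cookie(cookie, "203.0.113.10") is not None)
    print("replayed elsewhere:", verify_cookie(cookie, "198.51.100.7") is not None)
```

Binding to the client IP can log out legitimate users whose address changes mid-session (mobile networks, some proxies), so it is usually paired with a short timeout rather than used alone.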
Phishing
A threat actor procures sensitive information—typically usernames, passwords, and so on—from emails or web pages.
Educate users to avoid falling