Effective CISSP Questions

Cross-Site Scripting (XSS) is one of the most well-known application security risks in the OWASP Top 10. The attacker sends text-based attack scripts that exploit the interpreter in the browser to hijack user sessions, insert hostile content, redirect users, etc. Which of the following statements about XSS is correct? (Wentz QOTD)
A. Detection of most XSS flaws is fairly easy via testing or code analysis.
B. XSS is initiated only if a user clicks a link or button that activates malicious scripts.
C. XSS is subject to and thwarted by the Cross-Origin Resource Sharing (CORS) policy.
D. Malicious scripts that hijack user sessions are stored and executed on the webserver.

Wentz Wu | September 2, 2021 at 12:12 pm | Categories: QOTD, Technology, 每日一題 | URL: https://wp.me/p2X0VJ-8Ao