Electrical Engineering & Computer Science (EECS) < University of California Irvine
Over time, the types of vulnerability seen in the web app landscape change. One that has persisted year in, year out is cross-site scripting. This post aims to illustrate how cross-site scripting attacks may be utilised in real-world scenarios, as well as a number of evasion techniques. Typically, people will deploy a ready-built web application firewall (WAF) rather than develop their own mitigation techniques; sometimes this is not an option, or is simply not the one chosen. When writing code to validate request parameters and look for dangerous strings, it very much becomes a cat-and-mouse game.