From the course: Writing Secure Code for Android by Infosec

Cross-site attacks

- Let's talk about one of the biggest problems in hacking right now. This involves your app, a website, and a user who's been fooled into doing something that they shouldn't do. Let's talk about cross-site attacks. A cross-site attack is not language-specific; it's not a language-specific problem. It's a result of lazy coding, bad coding, combined with social engineering. And it usually occurs on websites. And there are two kinds, and we'll talk about them. The primary issue is lack of input sanitization. If your app interacts with a website, such as allowing users to post or read comments, you need to make sure that you don't inadvertently pass scripts hidden in the HTML. You don't want to pass them to the website. You don't want to pass them to the device browser. Now, the two major categories of cross-site attacks are cross-site scripting and cross-site request forgery. Let's start with cross-site scripting. This is where your client, your browser, trusts a compromised website and a…