Key Concepts

Review core concepts you need to learn to master this subject

Cross-Site Scripting (XSS)

<script>alert(1);</script> <img src="X" onerror=alert(1);> <b onmouseover=alert(1)>click me!</b> <body onload=alert('test1')>

Cross-Site Scripting (XSS) is a vulnerability that occurs when a web application returns unsanitized input to the front end of an application.

Three types of XSS attacks are:

  • Stored XSS: when a server saves an attacker’s input into its datastores.
  • Reflected XSS: when a user’s input is immediately returned back to the user.
  • DOM-Based XSS: when user input is interpreted by the DOM, an attacker could inject arbitrary code.

The code shows examples of HTML tags that help attackers inject dangerous input.

Malware
Lesson 1 of 1
  1. 1
    It’s your first day on the job at Cybercademy — a new cybersecurity organization that helps companies improve their security practices. ### Your Task Identify various types of malware on an …
  2. 2
    First, you open the web browser. The first page it opens to is a strange page about a computer cleaner that’s “guaranteed to make your computer run 10X faster!!”. What an odd choice for a homepage….
  3. 3
    You navigate to your client’s email. Immediately, you see that your client opened some emails sent from an odd email address. You open the emails and see that the client clicked on links and likely…
  4. 4
    What type of virus is this? You check your client’s “Sent Emails” folder and notice your client recently sent the same email to everyone on their contacts list. The emails have the same subject lin…
  5. 5
    Wow, what a disaster computer. Hm, when you type, there seems to be a slight delay before some of the characters show up. What’s going on? Oh no! It looks like your client may be in deeper trouble…
  6. 6
    While the presence of spyware makes it obvious something nefarious was installed on the computer, was anything else installed? Ugh, of course. After more digging, you find a Trojan Horse. Wow, is …
  7. 7
    What exactly is the Trojan Horse up to? What was it trying to do? You have to find the answer. Scanning the device, you find that this horrible device just keeps getting worse; the Trojan horse wa…
  8. 8
    The rootkit allowed someone access to this computer. What did they do with that access? You realize that the rootkit was used to deny the user access to files on their system that contain lots of i…
  9. 9
    It seems like nothing else could go wrong with this computer. If this was a game of malware bingo, you would be one step away from winning the jackpot. For fun, you investigate some command-line pr…
  10. 10
    What a day! On that horrible machine, you discovered: * Malware: Malicious code inserted into a system to cause damage or gain unauthorized access to a network * Adware: Unwanted software des…

How you'll master it

Stress-test your knowledge with quizzes that help commit syntax to memory

Pro Logo