On Wednesday, 11/18/15, I gave a guest lecture in Partha Dasgupta’s CSE 466 class on Cross-Site Scripting vulnerabilities. As this was an undergrad class, I spent time covering the evolution of HTML, the role of JavaScript on the web, the security model of JavaScript, the browser’s Same Origin Policy, how XSS attacks are about circumventing the Same Origin Policy, how XSS vulnerabilities result from the server-side web application code concatenating string to create HTML output that is sent to the user’s browser, how XSS vulnerabilities can be exploits, and how XSS vulnerabilities can be prevented.

Much of this material is derived from my CSE 591 class, which is a grad class on web security, compressed into a single lecture targeted to undergrads. We did not get to cover client-side XSS vulnerabilities (also called DOM-based XSS) or lots of other cool stuff.

Here is the video of the talk: