XSS Reference

XSS Attack Types

Stored XSS
Malicious script stored in database, affects all users who view the content.
Reflected XSS
Script in URL parameter, reflected in response without sanitization.
DOM-based XSS
Vulnerability in client-side JS that processes URL/DOM data unsafely.

Prevention Techniques

TechniqueExample
Output Encodinghtmlspecialchars($var, ENT_QUOTES)
CSP HeaderContent-Security-Policy: default-src 'self'
Safe APIselement.textContent = data // not innerHTML
Input ValidationWhitelist allowed characters/patterns
HttpOnly CookieSet-Cookie: session=...; HttpOnly; Secure

관련 도구

🔒 SSL Certificate Checker Check SSL certificate status & expiry 🧮 Password Entropy Calculator Calculate password entropy & strength 🗃 SQL Injection Reference SQL injection testing & defense guide 🛡 CSP Policy Generator Generate Content Security Policy 🔑 OAuth 2.0 Builder Build OAuth 2.0 auth request params 🔍 Sensitive Info Detector Detect secrets & passwords in text 🔒 Hash Algorithm Reference Hash algorithm security reference 🔐 SSL/TLS Reference SSL/TLS versions & cipher suites ref 🎫 JWT Best Practices JWT security guide & common errors 🌐 CORS Security Guide CORS cross-origin security practices Rate Limiting Patterns Token bucket, sliding window algos 🔍 Dependency Audit Reference npm/pip/go dependency audit commands