Thursday ThreatCast: How Cyber Criminals Use XSS and Session Hijacking

Logo
Presented by

Mark Shaneck, Senior Cybersecurity Content Architect

About this talk

Cross-site scripting (XSS) injections empower attackers to manipulate a victim’s web browser to run malicious scripts disguised as actual web server processes. This makes them seem trusted, and incredibly dangerous as easy entry points into a network. While fairly simple to execute and prevent, they are still extremely prevalent in modern web applications. This session explores the main methods of delivering XSS attacks - Reflected, Stored, and DOM-based - and the real threat of session hijacking. Speaker: Mark Shaneck, Senior Cybersecurity Content Architect Mark Shaneck is an experienced educator and trainer at SimSpace. For the past four years, Mark has been developing cybersecurity training content, after a decade as a professor of Computer Science and Cybersecurity at Liberty University, where he founded the Masters in Cybersecurity program. He has also consulted for several years as a penetration tester in the financial and retail sectors. Mark holds a Bachelor of Science in Computer Science and a Bachelor of Arts in Mathematics from Rutgers University, as well as a Masters and Ph.D. in Computer Science from the University of Minnesota, with a dissertation in secure distributed cryptography and research in intrusion detection alert correlation. In addition, Mark holds the OSCP, OSCE, and OSWE certifications from Offensive Security.
Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (24)
Subscribers (2621)
SimSpace delivers a cybersecurity risk management platform, instilling confidence in an organization’s cybersecurity talent and technologies. With SimSpace, security teams, operational processes, and environments are continuously tested, readily available, and optimally tuned to defend against advanced adversaries.