Summary

In this chapter, we discussed the cross-site scripting flaw in detail. We started by understanding the origin of the vulnerability and how it evolved over the years. We then learned about the different forms of XSS and their attack potential. JavaScript is the key to a successful XSS attack; we used it to steal cookies, log key presses, and deface websites. Kali Linux includes several tools to test for and exploit the XSS flaw, and we used them to test the DVWA application. We then moved on to cross-site request forgery, covering the dependencies required to execute the attack and the attack methodology.

In the next chapter, we will discuss the encryption used in web applications and different ways to attack it.
