Cross-site scripting (XSS) injections empower attackers to manipulate a victim’s web browser to run malicious scripts disguised as actual web server processes. This makes them seem trusted, and incredibly dangerous as easy entry points into a network. While fairly simple to execute and prevent, they are still extremely prevalent in modern web applications.
This session explores the main methods of delivering XSS attacks - Reflected, Stored, and DOM-based - and the real threat of session hijacking.
Speaker: Mark Shaneck, Senior Cybersecurity Content Architect
Mark Shaneck is an experienced educator and trainer at SimSpace. For the past four years, Mark has been developing cybersecurity training content, after a decade as a professor of Computer Science and Cybersecurity at Liberty University, where he founded the Masters in Cybersecurity program. He has also consulted for several years as a penetration tester in the financial and retail sectors.
Mark holds a Bachelor of Science in Computer Science and a Bachelor of Arts in Mathematics from Rutgers University, as well as a Masters and Ph.D. in Computer Science from the University of Minnesota, with a dissertation in secure distributed cryptography and research in intrusion detection alert correlation. In addition, Mark holds the OSCP, OSCE, and OSWE certifications from Offensive Security.