Injection attacks are the number one vulnerability found in web applications. In this lesson, I’ll demonstrate some of the many attack vectors that allow an attacker to inject data using JavaScript or PHP in a reflected XSS attack. I’ll also demonstrate the built-in protections that JavaScript and PHP have to guard against this, as well as mention JavaScript frameworks that have built-in protections.

Related Links

• Penetration Testing
• Fuzz Testing
• Firefox Web Security Add-ons
• Angular Sanitize
• Mozilla Developer Network: TextContent
• Filter Types List
• HTMLEntities
• PDO Quote
• Prepared Statements
• SwiftMailer
• PHPMailer
• UUID