What is XSS (Cross-Site Scripting)?
A security vulnerability where attackers inject malicious scripts into web pages viewed by other users.
Why It Matters
XSS attacks can steal user sessions, redirect users, or modify page content to trick people.
Real-World Example
An attacker posting a comment containing a script that steals cookies from anyone who views the page.
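The comment scenario above, as an added example that is not part of the original page: a comment is stored and later rendered for other viewers. The first renderer concatenates the comment straight into HTML (the XSS bug); the second encodes it first (sanitisation of output, the fix). The sample comment and the function names are constructed for this demonstration.

```javascript
// Added example (not from the original page): how a stored XSS arises when
// a user comment is inserted into HTML unescaped, and how output encoding
// stops it. Plain Node.js, no dependencies.

// Constructed sample comment submitted by a user. The tag is a harmless
// placeholder standing in for whatever script an attacker might post.
const userComment = '<script>/* attacker-controlled code */</script> Nice post!';

// Vulnerable rendering: the comment is concatenated directly into the
// page. A browser parses the <script> tag and runs it for every viewer.
function renderCommentUnsafe(comment) {
  return '<div class="comment">' + comment + '</div>';
}

// Output encoding: replace the five characters that carry meaning in HTML
// with entity references, so the browser shows them as text, not markup.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Hardened rendering: same template, but the untrusted value is encoded.
function renderCommentSafe(comment) {
  return '<div class="comment">' + escapeHtml(comment) + '</div>';
}

// Crude check used only for this demonstration: does the rendered HTML
// still contain a raw <script> tag? In a real application you would rely
// on a template engine that encodes by default, plus a Content Security
// Policy, rather than on string tests after the fact.
function containsRawScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log('unsafe:', renderCommentUnsafe(userComment));
console.log('safe:  ', renderCommentSafe(userComment));
```

In browser code the same distinction appears as `element.innerHTML = comment` (unsafe) versus `element.textContent = comment` (safe); encoding on output is what keeps user text from being interpreted as code.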
“Understanding terms like XSS (Cross-Site Scripting) matters because it helps you have better conversations with developers and make smarter decisions about your software. You do not need to be technical. You just need to know enough to ask the right questions.”
Learn More at buildDay Melbourne
Want to understand these concepts hands-on? Join our one-day workshop and build a real web application from scratch.
Related Terms
Sanitisation
Cleaning user input to remove potentially harmful content.
CSRF (Cross-Site Request Forgery)
An attack that tricks a logged-in user's browser into making unwanted requests to a site they are authenticated with.
SQL Injection
An attack where malicious SQL code is inserted into application inputs to manipulate the database.
Content Security Policy (CSP)
A security header that tells browsers which sources of content are trusted for your website.
Authentication
The process of verifying who someone is, usually through a username and password.
Authorisation
Determining what actions or data a verified user is allowed to access.