Security+ QOTD: Don’t eat stale cookies…


Security+ Question of the day: What are we seeing in the code shown in the figure? (see answer below and video response.)



We are seeing cross-site scripting (XSS) code – specifically, stored XSS implemented by way of a Javascript. This can be prevented by secure code review and a web application firewall (WAF) as well as (for the individual) blocking Javascript within the browser.

Video answer: