Cross-Site Scripting (XSS)

Contents

• Introduction Introduction

  • Welcome

    4m 3s
  • About the exam

    6m 53s
• 1. Securing Networks 1. Securing Networks

  • Securing networks

    6m 48s
  • Switches

    7m 27s
  • (Locked)
    Routers

    8m 27s
  • (Locked)
    Wireless and mesh

    3m 23s
  • (Locked)
    Firewalls

    11m 30s
  • (Locked)
    Proxies

    6m 59s
  • (Locked)
    Gateways

    4m 39s
  • (Locked)
    IDS and IPS

    6m 29s
  • (Locked)
    Network access control

    2m 56s
  • (Locked)
    Remote access

    8m 59s
  • (Locked)
    Unified communication

    19m 8s
  • (Locked)
    Cloud vs. on-premises

    4m 49s
  • (Locked)
    DNSSEC

    4m 16s
  • (Locked)
    Load balancer

    6m 48s
• 2. Securing Architectures 2. Securing Architectures

  • Securing architectures

    1m 16s
  • Traffic mirroring

    4m 23s
  • (Locked)
    Network sensors

    11m 46s
  • (Locked)
    Host sensors

    6m 15s
  • (Locked)
    Layer 2 segmentation

    5m 14s
  • (Locked)
    Network segmentation

    13m 14s
  • (Locked)
    Server segmentation

    10m 51s
  • (Locked)
    Zero trust

    6m 37s
  • (Locked)
    Merging networks

    5m 32s
  • (Locked)
    Software-defined networking

    5m 27s
• 3. Infrastructure Design 3. Infrastructure Design

  • Infrastructure design

    1m 9s
  • Scalability

    5m 39s
  • (Locked)
    Resiliency issues

    12m 49s
  • (Locked)
    Automation

    6m 26s
  • (Locked)
    Performance design

    6m 3s
  • (Locked)
    Virtualization

    8m 19s
  • (Locked)
    Containerization

    5m 48s
• 4. Cloud and Virtualization 4. Cloud and Virtualization

  • Cloud and virtualization

    1m 6s
  • Cloud deployment models

    4m 34s
  • (Locked)
    Cloud service models

    5m 7s
  • (Locked)
    Deployment considerations

    4m 57s
  • (Locked)
    Provider limitations

    2m 59s
  • (Locked)
    Extending controls

    5m 6s
  • (Locked)
    Provisioning and deprovision

    2m 59s
  • (Locked)
    Storage models

    5m 22s
  • (Locked)
    Virtualization

    7m 56s
• 5. Software Applications 5. Software Applications

  • Software applications

    2m 42s
  • Systems development lifecycle

    6m 36s
  • (Locked)
    Software development lifecycle

    5m 52s
  • (Locked)
    Development approaches

    10m 51s
  • (Locked)
    Software assurance

    8m 56s
  • (Locked)
    Baselines and templates

    6m 31s
  • (Locked)
    Best practices

    6m 7s
  • (Locked)
    Integrating applications

    4m 31s
• 6. Data Security 6. Data Security

  • Data security

    3m 36s
  • Data lifecycle

    10m 29s
  • (Locked)
    Data classification

    6m 55s
  • (Locked)
    Labeling and tagging

    8m 11s
  • (Locked)
    Deidentification

    11m 3s
  • (Locked)
    Data encryption

    7m 32s
  • (Locked)
    Data loss prevention (DLP)

    10m 1s
  • (Locked)
    DLP detection

    6m 42s
  • (Locked)
    Data loss detection

    11m 34s
• 7. Authentication and Authorization 7. Authentication and Authorization

  • Authentication and authorization

    1m 44s
  • Access control

    4m 47s
  • (Locked)
    Credential management

    4m 27s
  • (Locked)
    Password policies

    8m 2s
  • (Locked)
    Multifactor authentication

    8m 25s
  • (Locked)
    Authentication protocols

    10m
  • (Locked)
    Federation

    7m 2s
  • (Locked)
    Root of trust

    4m 24s
  • (Locked)
    Attestation

    2m 14s
  • (Locked)
    Identity proofing

    3m 33s
• 8. Cryptography 8. Cryptography

  • Cryptography

    1m 48s
  • Privacy and confidentiality

    6m 32s
  • (Locked)
    Integrity

    6m 30s
  • (Locked)
    Compliance and policy

    3m 33s
  • (Locked)
    Data states

    7m 2s
  • (Locked)
    Cryptographic use cases

    6m 17s
  • (Locked)
    PKI use cases

    8m 41s
• 9. Emerging Technology 9. Emerging Technology

  • Emerging technology

    4m 18s
  • Artificial intelligence and machine learning

    8m 55s
  • (Locked)
    Deep learning

    8m 58s
  • (Locked)
    Big data

    4m 40s
  • (Locked)
    Blockchain distributed consensus

    5m 36s
  • (Locked)
    Passwordless authentication

    5m 17s
  • (Locked)
    Homomorphic encryption

    3m 37s
  • (Locked)
    Virtual and augmented reality

    4m 32s
  • (Locked)
    3D printing

    3m 3s
  • (Locked)
    Quantum computing

    5m 34s
• 10. Threat and Vulnerability Management 10. Threat and Vulnerability Management

  • (Locked)
    Threat and vulnerability management

    1m 56s
  • (Locked)
    Threat intelligence

    6m 19s
  • (Locked)
    Threat hunting

    6m 43s
  • (Locked)
    Intelligence collection

    11m 9s
  • (Locked)
    Threat actors

    9m 21s
  • (Locked)
    Threat management frameworks

    12m 45s
  • (Locked)
    Vulnerability management activities

    11m 44s
  • (Locked)
    Security Content Automation Protocol

    7m 21s
• 11. Vulnerability Assessments 11. Vulnerability Assessments

  • (Locked)
    Vulnerability assessments

    1m 35s
  • (Locked)
    Penetration test

    4m 49s
  • (Locked)
    Pen test steps

    7m 2s
  • (Locked)
    Pen test requirements

    11m 25s
  • (Locked)
    Code analysis

    8m 29s
  • (Locked)
    Protocol analysis

    7m 52s
  • (Locked)
    Analysis utilities

    5m 19s
• 12. Risk Reduction 12. Risk Reduction

  • (Locked)
    Risk reduction

    1m 32s
  • (Locked)
    Deceptive technologies

    5m 1s
  • (Locked)
    Security data analytics

    8m 5s
  • (Locked)
    Preventative controls

    5m 10s
  • (Locked)
    Application controls

    9m 42s
  • (Locked)
    Security automation

    10m 42s
  • (Locked)
    Physical security

    6m 44s
• 13. Analyzing Vulnerabilities 13. Analyzing Vulnerabilities

  • (Locked)
    Analyzing vulnerabilities

    1m 22s
  • (Locked)
    Race conditions

    4m 58s
  • (Locked)
    Buffer overflows

    12m 27s
  • (Locked)
    Authentication and references

    5m 56s
  • (Locked)
    Ciphers and certificates

    10m 46s
  • (Locked)
    Improper headers

    6m 9s
  • (Locked)
    Software composition

    9m 49s
  • (Locked)
    Vulnerable web applications

    11m 45s
• 14. Attacking Vulnerabilities 14. Attacking Vulnerabilities

  • (Locked)
    Attacking vulnerabilities

    1m 15s
  • (Locked)
    Directory traversals

    9m 48s
  • (Locked)
    Cross-Site Scripting (XSS)

    8m 59s
  • (Locked)
    Cross-site request forgery (CSRF)

    7m 15s
  • (Locked)
    SQL injections

    7m 5s
  • (Locked)
    XML injections

    6m 29s
  • (Locked)
    Other injection attacks

    4m 21s
  • (Locked)
    Authentication bypass

    6m 45s
  • (Locked)
    VM attacks

    4m 52s
  • (Locked)
    Network Attacks

    11m 3s
  • (Locked)
    Social engineering

    7m 15s
• 15. Indicators of Compromise 15. Indicators of Compromise

  • (Locked)
    Indicators of compromise

    1m 49s
  • (Locked)
    Types of IoCs

    3m 55s
  • (Locked)
    PCAP files

    4m 16s
  • (Locked)
    NetFlow

    7m 7s
  • (Locked)
    Logs

    7m 3s
  • (Locked)
    IoC notifications

    7m 40s
  • (Locked)
    Response to IoCs

    5m 15s
• 16. Incident Response 16. Incident Response

  • (Locked)
    Incident response

    1m 26s
  • (Locked)
    Triage

    8m 4s
  • (Locked)
    Communication plan

    10m 6s
  • (Locked)
    Stakeholder management

    7m 12s
  • (Locked)
    Incident response process

    10m 22s
  • (Locked)
    Playbooks

    8m 28s
• 17. Digital Forensics 17. Digital Forensics

  • (Locked)
    Digital forensics

    1m 4s
  • (Locked)
    Forensic process

    4m 15s
  • (Locked)
    Chain of custody

    7m 6s
  • (Locked)
    Order of volatility

    6m 31s
  • (Locked)
    Forensic analysis

    6m 41s
• 18. Digital Forensic Tools 18. Digital Forensic Tools

  • (Locked)
    Digital forensic tools

    2m 22s
  • (Locked)
    Forensic workstations

    5m 11s
  • (Locked)
    File carving tools

    3m 36s
  • (Locked)
    Binary analysis tools

    7m 11s
  • (Locked)
    Forensic analysis tools

    8m 11s
  • (Locked)
    Imaging tools

    7m 48s
  • (Locked)
    Collection tools

    6m 16s
• 19. Enterprise Mobility 19. Enterprise Mobility

  • (Locked)
    Enterprise mobility

    2m 36s
  • (Locked)
    Enterprise mobility management

    9m 36s
  • (Locked)
    WPA3

    7m 20s
  • (Locked)
    Connectivity options

    8m 48s
  • (Locked)
    Security configurations

    8m 8s
  • (Locked)
    DNS protection

    3m 15s
  • (Locked)
    Deployment options

    4m 38s
  • (Locked)
    Reconnaissance concerns

    8m
  • (Locked)
    Mobile security

    7m 50s
• 20. Endpoint Security Controls 20. Endpoint Security Controls

  • (Locked)
    Endpoint security controls

    2m 24s
  • (Locked)
    Device hardening

    8m 30s
  • (Locked)
    Patching

    4m 41s
  • (Locked)
    Security settings

    5m 41s
  • (Locked)
    Mandatory access controls (MAC)

    6m 44s
  • (Locked)
    Secure boot

    5m 49s
  • (Locked)
    Hardware encryption

    4m 48s
  • (Locked)
    Endpoint protections

    9m 54s
  • (Locked)
    Logging and monitoring

    6m 14s
  • (Locked)
    Resiliency

    6m 4s
• 21. Cloud Technologies 21. Cloud Technologies

  • (Locked)
    Cloud technologies

    2m 37s
  • (Locked)
    Business continuity and disaster recovery

    7m 51s
  • (Locked)
    Cloud encryption

    5m 23s
  • (Locked)
    Serverless computing

    8m 54s
  • (Locked)
    Software-defined networking (SDN)

    6m 52s
  • (Locked)
    Log collection and analysis

    4m 22s
  • (Locked)
    Cloud application security broker

    6m 16s
  • (Locked)
    Cloud misconfigurations

    10m 57s
• 22. Operational Technologies 22. Operational Technologies

  • (Locked)
    Operational technologies

    2m 5s
  • (Locked)
    Embedded systems

    10m 28s
  • (Locked)
    ICS and SCADA

    9m 18s
  • (Locked)
    ICS protocols

    10m 54s
  • (Locked)
    Industries and sectors

    4m 51s
• 23. Hashing and Symmetric Algorithms 23. Hashing and Symmetric Algorithms

  • (Locked)
    Hashing and symmetric algorithms

    1m 13s
  • (Locked)
    Hashing

    6m 55s
  • (Locked)
    Message authentication

    3m 33s
  • (Locked)
    Symmetric algorithms

    5m 43s
  • (Locked)
    Stream ciphers

    4m 32s
  • (Locked)
    Block ciphers

    10m 1s
• 24. Asymmetric Algorithms 24. Asymmetric Algorithms

  • (Locked)
    Asymmetric algorithms

    2m 11s
  • (Locked)
    Using asymmetric algorithms

    9m 28s
  • (Locked)
    SSL, TLS, and cipher suites

    8m 21s
  • (Locked)
    S/MIME and SSH

    7m 27s
  • (Locked)
    EAP

    5m 39s
  • (Locked)
    IPSec

    14m 34s
  • (Locked)
    Elliptic curve cryptography (ECC)

    3m 33s
  • (Locked)
    Forward secrecy

    3m 35s
  • (Locked)
    Authenticated encryption with associated data (AEAD)

    1m 53s
  • (Locked)
    Key stretching

    4m 30s
• 25. Public Key Infrastructure 25. Public Key Infrastructure

  • (Locked)
    Public key infrastructure

    4m 30s
  • (Locked)
    PKI components

    10m 18s
  • (Locked)
    Digital certificates

    7m 44s
  • (Locked)
    Using digital certificates

    5m 40s
  • (Locked)
    Trust models

    4m 28s
  • (Locked)
    Certificate management

    2m 44s
  • (Locked)
    Certificate validity: CRL and OCSP

    3m 48s
  • (Locked)
    Protecting web traffic

    3m 30s
  • (Locked)
    Troubleshooting certificates

    5m 22s
  • (Locked)
    Troubleshooting keys

    3m 35s
• 26. Data Considerations 26. Data Considerations

  • (Locked)
    Data considerations

    57s
  • (Locked)
    Data security

    3m 44s
  • (Locked)
    Data classification

    2m 47s
  • (Locked)
    Data types

    5m 24s
  • (Locked)
    Data retention

    6m 56s
  • (Locked)
    Data destruction

    2m 55s
  • (Locked)
    Data ownership

    5m 34s
  • (Locked)
    Data sovereignty

    3m 18s
• 27. Risk Management 27. Risk Management

  • (Locked)
    Risk management

    1m 31s
  • (Locked)
    Risk strategies

    4m 30s
  • (Locked)
    Risk management lifecycle

    11m 52s
  • (Locked)
    Risk types

    3m 3s
  • (Locked)
    Risk handling

    8m 33s
  • (Locked)
    Risk tracking

    5m 7s
  • (Locked)
    Risk assessment

    18m
  • (Locked)
    When risk management fails

    3m 44s
• 28. Policies and Frameworks 28. Policies and Frameworks

  • (Locked)
    Policies and frameworks

    1m 24s
  • (Locked)
    Policies

    12m 1s
  • (Locked)
    Frameworks

    4m 52s
  • (Locked)
    Regulations

    8m 8s
  • (Locked)
    Standards

    6m 11s
  • (Locked)
    Contracts and agreements

    9m 23s
  • (Locked)
    Legal considerations

    7m 2s
  • (Locked)
    Integrating industries

    3m 29s
• 29. Business Continuity 29. Business Continuity

  • (Locked)
    Business continuity

    1m 11s
  • (Locked)
    Business continuity plan

    13m 43s
  • (Locked)
    Business impact analysis

    13m 52s
  • (Locked)
    Privacy impact analysis

    3m 53s
  • (Locked)
    Incident response plan

    10m 58s
  • (Locked)
    Testing plans

    7m 10s
• 30. Risk Strategies 30. Risk Strategies

  • (Locked)
    Risk strategies

    1m 32s
  • (Locked)
    Asset value

    4m 4s
  • (Locked)
    Access control

    6m 21s
  • (Locked)
    Aggregating risk

    3m 7s
  • (Locked)
    Scenario planning

    8m 21s
  • (Locked)
    Security controls

    9m 16s
  • (Locked)
    Security solutions

    8m 54s
  • (Locked)
    Cost of a data breach

    6m 1s
• 31. Vendor Risk 31. Vendor Risk

  • (Locked)
    Vendor risk

    4m 1s
  • (Locked)
    Business models

    11m 5s
  • (Locked)
    Influences

    7m 25s
  • (Locked)
    Organizational changes

    6m 11s
  • (Locked)
    Shared responsibility model

    4m 50s
  • (Locked)
    Viability and support

    10m 50s
  • (Locked)
    Dependencies

    4m 39s
  • (Locked)
    Considerations

    10m 35s
  • (Locked)
    Supply chain

    5m 59s