Home › Software Testing › Software Testing › advanced_security_performance › Cross Site Scripting (XSS) is primarily a
Cross Site Scripting (XSS) is primarily a
AClient side attack via injected scripts
BServer side attack on database engines
CNetwork layer attack on TCP packets
DDisk attack on file system permissions
Answer & Solution
Correct answer: A. Client side attack via injected scripts
XSS exploits insufficient output encoding so attacker scripts run in victim browsers. Variants: reflected (URL), stored (DB), DOM-based. Mitigations: context-aware output encoding, CSP, sanitisation libraries.
Related questions
Test coverage is BEST described asContinuous Testing in DevOps meansIn the V model of SDLC, system testing corresponds to'Test data' management addressesIn ISTQB terminology, a 'test oracle' isAcceptance Test Driven Development (ATDD) emphasisesTest Driven Development uses the rhythm ofRecovery testing simulates