https://danielmiessler.com/blog/the-sleepy-puppy-xss-payload-management-framework
I am one of the leaders of the OWASP Bay Area group, and we’ve had some great local meetups recently—one at Twitter and another at Netflix. At the N
sleepypuppyxsspayloadmanagement
https://academy.hackthebox.com/course/preview/cross-site-scripting-xss
Cross-Site Scripting (XSS) vulnerabilities are among the most common web application vulnerabilities. An XSS vulnerability may allow an attacker to execute a...
crosssitescriptingxsscourse
https://portswigger.net/research/xss-without-html-client-side-template-injection-with-angularjs
Abstract Naive use of the extremely popular JavaScript framework AngularJS is exposing numerous websites to Angular Template Injection. This relatively low...
xsswithouthtmlclientside
https://portswigger.net/blog/introducing-dom-invader
Of the three main types of XSS, DOM-based XSS is by far the most difficult to find and exploit. But we come bearing good news! PortSwigger just released a new...
introducingdominvaderxssgot
https://syntax.fm/show/290/potluck-is-angular-good-stencil-js-self-xss-svgs-in-react-social-platforms-for-devs-project-handoff-cleaning-knives-more
In this potluck episode, Scott and Wes answer developer questions on topics like Target blank links security, Stencil JS, senior developers, Angular careers,...
potluckangulargoodstenciljs
https://portswigger.net/research/portable-data-exfiltration
Abstract PDF documents and PDF generators are ubiquitous on the web, and so are injection vulnerabilities. Did you know that controlling a measly HTTP...
data exfiltrationportablexsspdfsresearch
https://academy.hackthebox.com/course/preview/advanced-xss-and-csrf-exploitation
Modern web browsers and applications utilize a variety of security measures to protect against CSRF and XSS vulnerabilities, rendering their exploitation mor...
advancedxsscsrfexploitationcourse
https://adversa.ai/blog/lenovo-ai-chatbot-incident-critical-xss-vulnerability-exposes-enterprise-ai-security-gaps/
Aug 22, 2025 - The Lenovo AI Chatbot Incident shows how a 400-char prompt triggered a critical XSS flaw, proving AI systems can turn simple exploits into major security risks.
ai chatbotlenovoincidentcriticalxss
https://www.ruby-lang.org/en/news/2013/02/06/rdoc-xss-cve-2013-0256/
RDoc documentation generated by rdoc bundled with ruby are vulnerable to an XSS exploit. All ruby users are recommended to update ruby to newer version which i...
xssexploitdocumentationgeneratedcve
https://oshogbo.com/blog/75/
Some time ago, Michał Bentkowski published an XSS challenge on his twitter. I accepted the challenge, and here is my story.
mbxsschallengeoshogbovx
https://dev.to/sylwia-lask/a-five-minute-ui-feature-that-became-an-xss-time-bomb-f5i
Dec 17, 2025 - Can a simple script — a trivial visual effect — put your application at risk? Oh yes. And you might... Tagged with webdev, javascript, security, frontend.
fiveminuteuifeaturebecame
https://cyberint.com/blog/dark-web/the-downfall-of-xss-forum/
Oct 5, 2025
downfallxssforum
https://blog.nette.org/en/quiz-can-you-defend-against-xss-vulnerability
Put your security knowledge to the test with this quiz! Can you prevent an attacker from taking control of an HTML page?
quizdefendxssvulnerabilitynette
https://traefik.io/blog/exploring-traefiks-waf-integration-and-how-to-make-it-23x-faster
Learn how to stop SQL injection, cross-site scripting, and other known attacks with Traefik's Web Application Firewall (WAF).
stopxssattackseasilytraefik
https://training.linuxfoundation.org/express-learning/xss-exploits-and-defenses-lfel1010/
Jan 2, 2025 - Easily grow your cybersecurity maturity by learning to counter the top security vulnerability, cross-site scripting (XSS)!
training courselinux foundationxssexploitsdefenses
https://securinglaravel.com/security-tip-when-is-xss-not-strictly-xss-but-still-bad/
Sep 8, 2025 - [Tip #121] Technically, XSS involves injecting malicious Javascript, but sometimes you don't need any JS to get up to mischief! 😈
securitytipxssstrictlystill
https://syntax.fm/show/731/client-side-security-xss-attacks-and-csp-with-stripe-s-alex-sexton
Alex Sexton from Stripe discusses CSP (Content Security Policy) and client side security best practices, drawing on 11 years of experience at Stripe.
clientsidesecurityxssattacks
https://shazzer.co.uk/vectors/68f8822088350896a081d946
Electron Browser XSS TEST
electronxsstest
https://jsoup.org/
Open source Java HTML parser, with the best of HTML5 DOM methods and CSS selectors, for easy data extraction.
javahtmlparserbuiltediting
https://portswigger.net/research/xss-in-hidden-input-fields
At PortSwigger, we regularly run pre-release builds of Burp Suite against an internal testbed of popular web applications to make sure it's behaving...
xsshiddeninputfieldsresearch
https://tarnkappe.info/artikel/szene/dark-commerce/xss-is-beschlagnahmt-mitbetreiber-des-fraud-forums-in-kiew-verhaftet-318531.html
Jul 24, 2025 - The domain xss.is has been seized. An admin of the fraud forum was arrested on Tuesday. The man is said to have earned 7 million euros.
xssbeschlagnahmtdesfraudforums
https://dev.to/mahin101/advent-of-cyber-2025-day-10-writeup-cross-site-scripting-xss-tryhackme-30i6
Jan 3, 2026 - Usually, a website or web app displays information from the server. However, as users, we can also... Tagged with tryhackme, xss, security.
adventcyberdaywriteupcross